Crossed Wires - Latest Comments

Re: LDAP-backed DNS and DHCP…?

Alex Karasulu — Sat, 28 Jan 2012 09:10:16 -0000

Vic I think you hit one something very important with your ideas which we at the Apache Directory Project have been trying to bring to life. ApacheDS is a misnomer, it's a multiprotocol server that contains in process machinery to handle LDAP name space operations across various kinds of backing stores for entries called Partitions. Just like FS partitions you can attach a partition to a specific place in the LDAP namespace to expose entries. Also ApacheDS has protocol server plugins that need to access LDAP data and expose those entries via another protocol like for example the DNS server plugin module. It accesses the various DNS records stored in ADS and exposes them via DNS in the same process space making things fast and secure without the additional hop between a DNS server and it's LDAP server backing.

Although the DNS server is much more functional we also have a partially implemented DHCP server module. Once we have support for multicast in our Apache MINA based network layer we intend to finish this module. It can store lease information in an area that is mapped to a partition optimized for writes. This can be a simple flat file keeping the leases info in LDIF format. But it can be fast at reads and writes. The ability to mount a partition using a heterogeneous mixture of partition implementations inside the same LDAP directory information tree (DIT) makes it so you and the Russian fellow can have your cake and eat it too.

Now with MMR between ApacheDS nodes that means all the protocol services ApacheDS supports including DNS, DHCP, Kerberos, LDAP, LDAPS and others are automatically replicated. Furthermore we manage and store the configuration information for these protocol service modules inside the LDAP tree in a configuration area. ApacheDS has the ability to snapshot and rollback configuration state across partitions and all entries in the server are versioned making it an idea LDAP server for configuration management. Having all theses services that must be coordinated (orchestrated) to operate together at times under a single configuration node that is versionable and revertable makes life for the admin a heck of a lot easier. Oh and plus with some low level integration tier constructs like (some implemented and some not) triggers, views, and stored procedures, disaster recovery scenarios with downed sites and DNS fail over becomes trivial to manage. Geo-locality based on source can also be used to handle some minimal content delivery maters using triggers and SP as well. There's a lot we can do ... only our imagination limits us.

The Apache Directory Project can use more volunteers to make this shared vision of ours a reality. Our goal is to build a highly available LDAP server that can make these HA dreams a cakewalk. In the future we would like to see an all-in-one LDAP, NOS, and IdM server without all the moving parts that make infrastructures brittle.

Re: ppc Linux on the PowerMac G5

Ron Luker — Fri, 30 Dec 2011 15:07:03 -0000

Why not install OS X Leopard Server? It will provide you with a file server, web server, wiki server, ichat server, ical server and much more.

Re: Asterisk chan_mobile fail

Sebastian Arcus — Thu, 24 Nov 2011 16:55:27 -0000

Hi - not exactly an answer to your questions - just relating my experience. I've been using now for few years a Cambridge Silicon Radio dongle with a Nokia 5000 mobile. I've also tried it with success with a newer Nokia 2730 Classic. I first used it with Asterisk 1.6.x series, now it is working with Asterisk 1.8.x series. I found it a bit fiddly in the beginning - but nothing like as much trouble you seem to have had - thankfully.

One issue that I have is that the bluetooth connection reliably disconnects at the end of the call. I've stumbled over an Asterisk bug - which after few years of patches and investigation was eventually closed with (roughly) the conclusion: "This behaviour is typical of certain Nokia phones and there is nothing chan_mobile can do about it". So I just set it to attempt reconnects every 10 seconds in chan_mobile.conf and hope nobody will call within 10 seconds of ending the last call.

I normally use it to leave my mobile at home when I go abroad - and use another mobile with a local sim form the country I am in. Then I get Asterisk from home to patch calls incoming on my landline and mobile through to my foreign mobile number where I am. It works out cheaper that way. Kind of a DIY roaming.

Good luck with your endevour.

P.S. - At the moment I'm working to get gnokii working with my phone over usb - so that I can have my SMS forwarded over email to me when I'm abroad. chan_mobile SMS only works with a restricted number of phones - mainly Symbian S60 devices from what I gather.

Re: My local Borders is no more

Mario Bono — Tue, 05 Jul 2011 02:05:12 -0000

Agree with you, Vic! Libraries are great places for learning and teaching and relaxing! It'll be interesting to see how the commoditization of reading via e-books changes how we interact with physical books.

[What Does Commoditize Mean?
The act of making a process, good or service easy to obtain by making it as uniform, plentiful and affordable as possible. Something becomes commoditized when one offering is nearly indistinguishable from another. As a result of technological innovation, broad-based education and frequent iteration, goods and services become commoditized and, therefore, widely accessible.]

E-books are very accessible, but simply can't replace the feeling of holding and opening a book, passing your fingers over printed text, and turning the pages. I think that's why I've resisted buying an e-book reader. Maybe for technical books, I'd give it a go, but for the fiction & non-fiction books that I read and re-read, I simply love to hold a physical book. Even the yellowing pages and thumbprints of some old paperbacks hold dear memories for me of how much I've enjoyed reading them. :-)

Re: LDAP-backed DNS and DHCP…?

Jaime González Abaitua — Thu, 16 Jun 2011 02:33:09 -0000

For years i've used LDAP as DHCP source, i'm now trying to also get the DNS use the same data as backend.

The package, at least in debian is called dhcp3-server-ldap, and works so simple by defining an LDAP source in the config files; then using some dhcp schema in your ldap that provides you a couple of attributes defining needed things.

Re: Network virtualisation

Edouard Bourguignon — Thu, 19 May 2011 11:22:36 -0000

Thank you, I will try to get this issue of Admin Magazine

Re: Network virtualisation

Vic Cross — Tue, 10 May 2011 10:32:20 -0000

Thanks for your comment... I have to admit it took me a while to understand again what the problem was with the way I was trying to work it.

The problem was that I wanted different virtual machines to be configured differently -- some to receive untagged frames for particular VLANs, and others to receive all the tagged frames straight from the switch. I can't recall if I tried your method or not, but what I found was that the physical interface no longer saw any packets once a VLAN was configured against it, which meant the "VLAN-aware bridge" didn't see any traffic. It didn't appear that a bridge was sufficient isolation of that (the second paragraph in my original post implies that I tried something like what you described but it didn't work for me). Perhaps the choice of network card makes a difference too, changing where the VLAN processing happens...?

Like I said though, I can't recall if I tried a bridge behind a bridge as you've shown -- perhaps I should give it a go!

Re: Asterisk chan_mobile fail

Vic Cross — Tue, 10 May 2011 10:17:06 -0000

Thanks for the report! Glad to hear chan_mobile is working for someone. I guess I was unlucky with handset(s) and dongles I tried. Perhaps I'll try again one day!

Re: LDAP-backed DNS and DHCP…?

Vic Cross — Tue, 10 May 2011 10:13:54 -0000

Well I think "pointless" is a bit harsh... ;-)

Yes LDAP is a directory, but it has to be written to sometime! A network with 2000 hosts that renew their lease every hour would result in, on average, an update only every one to two seconds. Probably more than your average telephone directory LDAP server might expect, but would it really be that difficult for a decent enterprise-grade LDAP configuration to bear? I should think that even OpenLDAP would be able to support an additional database (with a different suffix) with database tuning that was less aggressively tuned in favour of read... I suppose the read optimisation of LDAP is more fundamental than what you stick in a DB_CONFIG file though.

Maybe it's the intangible benefit. I can't guarantee that doing DHCP using LDAP would be that much better than using the existing methods (like the failover capability of ISC DHCP), but it seems like it should be worth it...

Thanks for the comment!

Re: Network virtualisation

Vic Cross — Tue, 10 May 2011 09:51:16 -0000

Yes, I was doing something very similar to what you describe. I was having trouble trying to use the brcompat functionality to make Open vSwitch fit into the Ubuntu network startup method, but I think I've now learned that I need to throw away the normal network startup and let Open vSwitch take care of everything (unless Ubuntu Server has native support for Open vSwitch nowadays...).

There is a nice looking writeup of Open vSwitch in Issue 03 of ADMIN Magazine; the author discusses the use of fake bridges to achieve PVID-like function.

Re: Network virtualisation

Edouard Bourguignon — Thu, 28 Apr 2011 08:54:50 -0000

Hi,

Do you know if openvswitch can tag untagged traffic? Like PVID functionnality on physical switch. Because our VM boots on PXE, and PXE doesn't support VLAN. So we have to tag our vswitch port to 0 to allow untagged traffic from the VM to pass thru. Is it possible that fake bridge could handle that traffic to a tagged port?

Re: LDAP-backed DNS and DHCP…?

Владимир Симеонов — Fri, 08 Apr 2011 09:11:19 -0000

ldap is directory (optimized for read not for write access), in such it is pointless to write every dhcp lease in it. imagine large scale network with 2000 and more hosts

Re: Asterisk chan_mobile fail

Ivan Stepaniuk — Fri, 11 Mar 2011 08:17:47 -0000

After having to fight against impedance matching, rx and tx gain, caller id methods, voltage thresholds... and after switching to chan_mobile+gsm, I have no doubts when saying chan_mobile "Just works".

I'm using an old Nokia 6021 and it just works, both with my 2.1 Macbook's bluetooth adapter and some cheap USB bluetooth adapter I had (0a12:0001 "Cambridge Silicon Radio, Ltd Bluetooth Dongle (HCI mode)"), the last one being used in my Asterisk server. The only problem is that arround once a week the phone loses it's audio link and the connection needs to be reseted. Bluetooth adapter and phone model seems to be still very critical. There are some compatibility lists around. Good luck!

Re: Network virtualisation

telmich — Sat, 22 Jan 2011 03:58:16 -0000

I'm also a bit confused, it looks like this should work directly with one additional interface: Assume eth0 is the physical interface of the vm-host which receives and sends tagged frames (8021q). Assume further that there's a bridge named brtag, into which eth0 is bound. Then you add a vlan enabled device called vlan123 on brtag, that adds the vlan tag 123. Then you create a bridge named "brvlan123" and add the interface vlan123 to it. Guests which shall set tags themselves are added to brtag, guests which should not setup tags are bound to brvlan123.

Maybe I'm misunderstanding your post, but I do not see a need for binding one interface to multiple bridges.

Re: ppc Linux on the PowerMac G5

Vic Cross — Wed, 10 Nov 2010 06:26:45 -0000

No, I didn't. Well I got yaboot out of the way so that I could boot Mac OS X again, but as far as Linux is concerned I kept hitting the thermal problem. I didn't think Ubuntu still make a PPC build; it's in the Maverick documentation (if you look hard enough) but I can't find a mirror with anything more recent than Dapper. As far as my box goes, I'm starting to think I have a particular hardware revision that is slightly different from the ones that have been worked on so far, which is why the cooling system doesn't work properly for me. Perhaps time (and the continued efforts of Apple, in the same vein as Snow Leopard and iLife '11 and probably plenty of others that have ditched PPC support) will see more of these machines looking for a new purpose, and someone with the resources will find the problem.

Re: ppc Linux on the PowerMac G5

bongo_x — Mon, 08 Nov 2010 20:12:30 -0000

Did you get anywhere with this? I’ve got the newest Ububntu running, and working well, but I was looking for other things to play around with, like a BSD

Re: Zeroshell redux

Kanari Waruru — Fri, 10 Sep 2010 16:36:14 -0000

Found nice Zeroshell installation instructions and thought I would share with the rest. See http://www.computing-tips.net/...

Re: Zeroshell: network services distro

Elvis Ma — Sun, 05 Sep 2010 04:14:52 -0000

ipcop, monowall and smoothwall all failed to install for me. Untangle works but it's bloated and takes my 89w P4 3ghz machine to run well and I'd rather be using my 30w P3 866mhz machine. I'm been using pfsense for the past 2 weeks, which was really easy to install and configure but I'm having a lot of trouble forwarding ports for my games and even more trouble turning my WRT54G router into a wireless access point. Hopefully Zeroshell will save the day and I'll install it in these next couple of days.

Re: Network virtualisation

Vic Cross — Sat, 28 Aug 2010 09:29:08 -0000

Hi Guido,

I have used that method, when running VMware Server in the past. Trouble is, it doesn't work when you have a mixture of VLAN-aware and VLAN-unaware guests that you want to share an adapter: as soon as the 8021q module is bound to an interface (when a VLAN is configured) the "non-VLAN" or "raw" interface no longer receives all the packets. In my VMware Server days, I had to allocate an additional NIC with no VLAN membership for VLAN-aware guests.

I thought that OpenVswitch would be a way to provide more flexibility, and allow me greater control to do interesting things with my available network hardware (especially since I was moving to a new machine with reduced capacity for NIC installation). Unfortunately I had a lot of trouble integrating OpenVswitch into the boot process of Ubuntu Lucid -- every bootup required manual network reconfiguration. I have not looked at it for a while though, hopefully there's better support in distros now.

Thanks for your comment!

Vic

Re: Network virtualisation

Guido Trotter — Fri, 20 Aug 2010 08:45:32 -0000

What's the advantage of using Openvswitch over simply configuring 802.1Q interfaces on linux (for example with: ip link add link eth0 name eth0.3 type vlan id 3) and then connecting those (in this example eth0.3) to a bridge:
brctl addbr br3
brctl addbr addif br3 eth0.3

Sounds like you'd get the same effect without patching your kernel.

Thanks,

Guido

Re: PoE again: this time, success!

Vic Cross — Fri, 13 Aug 2010 21:06:49 -0000

Had another thought... You could use an RJ45 joiner to house the resistor. Might be a bit fiddly to get it back together again, but would be more flexible than my first method.
One more note: I bought a Linksys (now Cisco Small Business) switch with PoE, and found that it actually did the Cisco pre-standard PoE as well as 802.3af! It's model is SRW224G4P, and if you can get one with recent firmware (I had some early stability issues) it might be a better way to run those old phones.
Regards,
Vic

Re: PoE again: this time, success!

Vic Cross — Fri, 13 Aug 2010 20:42:13 -0000

Sorry for the delay... I took a hint from a colleague who designed a way to make a portable Ethernet crossover out of a short Cat5 with a plug at one end and a socket at the other. For mine, I simply added the resistor across the terminals of the RJ45 socket. Result is a short (10cm) extension that I plug into the back of the phone and then plug the patch lead into the extension.
That was the plan, although I found that the extension has to be plugged onto the patch lead first because the resistance of the phone doesn't allow the switch to detect the resistor properly.
What did you end up using?

Re: LDAP Caller ID again!

Vic Cross — Fri, 13 Aug 2010 20:32:56 -0000

No problem... I put up a Trac site at http://trac.veejoe.net a while ago but never set up any links to it... The LDAP caller-ID script is up there. Enjoy, and feel free to let me know how it goes for you!

Re: Travel update: Riding the rails of Europe

Eurail Pass Guide — Fri, 13 Aug 2010 16:23:51 -0000

i love rail travel, its so much more interesting and fun that air or by bus. good to see it being promoted, keep it up!

Re: LDAP Caller ID again!

The Crane — Thu, 05 Aug 2010 16:17:11 -0000

I know this is a long time ago, but any chance you could post a link to that PHP LDAP script?