LinuxPlanet Blogs

By Linux Geeks, For Linux Geeks.

How a Grid of Squares Can Make You Stop and Think

without comments

This post has two objectives. The first is to point you to Wait But Why which is, simply put, one of the most wonderful sources of great thought-provoking and interesting articles I’ve found in a long long while. Item one.. check! The second point of this post is related directly to one of those articles. Specifically, the Your Life in Weeks post.

Like many, I grapple with the day-to-day rollercoaster that is life. And you know as well as I do, that the very act of living that day-to-day challenge rarely leaves time to step back and really consider it. I won’t pretend to give you sage advice or extract some over-arching meaning to it all. It just struck me that this simple image – your life in a grid of weeks – 52 per row, each row representing a year – made me stop and think:

Weeks

There is a finite amount of squares – your own personal allotment. As in, you ain’t getting any more. You can see how far you’ve gone and surely with a little fuzziness, how much you’ve got left. It’s not exactly depressing. But it can give you that sharp kick in the pants to realize that those little squares are precious. Look at this Life of a Typical American version of it:

Weeks-block-LIFE1

I can’t really make sense of what it makes me feel. I look at the first part and smile, but that smile turns into sort of a mouth-open stare when you realize how far you are down the page in your life. The squares don’t go on forever. It makes you think about priorities. It can fill you with questions. How important was that argument with your daughter about cleaning up her room? How urgent are those work deadlines? How important is your own personal happiness and satisfaction?

No definitive answers to any of those here. Believe me. But it definitely has a way of grabbing both your shoulders and holding you still for a moment to think about it.

Written by rfquerin

April 15th, 2015 at 9:38 am

Posted in Life,things I like

Check out Lumen it’s Quite Illuminating

without comments

Lumen has landed the new php framework from Taylor Otwell the creator of Laravel, with the aim of the framework being to create a great framework for producing lightning fast micro-services and APIs. This post is really just to bring Lumen to the top of my list to talk about. I’m really excited by the […]

The post Check out Lumen it’s Quite Illuminating appeared first on Pablumfication.

Written by Mark Davidson

April 14th, 2015 at 12:06 pm

Posted in Laravel,lumen,php

IT Training Co-ordinator and Sales Representative Job Vacancy

without comments

Job Details

  • Employer: Jumping Bean
  • Location: 3 Appian Place, 373 Kent Ave, Ferndale, 2194
  • Salary: R5,000 9(basic), 5% commission on sales. Potential income with current sales:R10,000 - R15,000+
  • Available: immediately (April 2015),

Jumping Bean is looking for an ambitious, smart self-starter to handle our IT training co-ordination and sales.
 
Key Performance Areas:

  • Leads follow up and closing of sales leads,
  • Generation of new business,
  • Customer relationship management,
  • Coordination and management of training calendar,

Key Competencies:

  • Good understanding of customer service
  • Ability to plan, schedule, prioritise, focus and keep others informed
  • Strong organization and planning skills, candidate will be required to manage the training calendar,
  • Excellent written and communication skills - including
    • responding to customer inquiries,
    • drafting monthly newsletter,
    • updating web site for price changes and course changes
  • Ability to build trust and customer loyalty
  • Ability to understand customer requirements and adjust course offerings accordingly, clearing such changes with management if necessary,
  • Experience in selling IT training and an understanding of open source products and services an advantage,
  • Ability to take the initiative, develop opportunities and make suggestion for improvement to management,
  • Work with subject matter experts and course content creators to identify market needs and demands for new course and training offerings

Candidate Requirements

  • *Tertiary qualification relating to Sales or Information Technology,
  • 2-3 years sales experience in relevant field
  •  Excellent command of English both written and oral,
  • Drivers license required. This job does not require extensive driving. Work will be performed at our Randburg office. 

About Jumping Bean

Jumping Bean is a small business that is passionate about open source. Our enthusiastic and go-getter  culture requires an individual who can self-manage, request assistance when needed and assist others when needed to take the business to new heights. 

Please call +2711 781 8014 for further information or to submit your CV

Written by Mark Clarke

April 11th, 2015 at 4:49 am

Posted in Uncategorized

OpenFOAM – Open Computational Fluid Dynamics

without comments

OpenFOAM (Open source Field Operation And Manipulation) is a numerical CFD (Computational Fluid Dynamics) solver and a pre/postprocessing software suite.

Special care has been taken to enable automatic parallelization of applications written using OpenFOAM high-level syntax. Parallelization can be further extended by using a clustering software such as OpenMPI that distributes simulation workload to multiple worker nodes.

Pre/post-processing tools like ParaView enable graphical examination of the simulation set-up and results.

The project code is free software and it is licensed under the Gnu General Public License and maintained by the OpenFOAM Foundation.

A parellel version called OpenFOAM-extend  is a fork maintained by Wikki Ltd that provides a large collection of community generated code contributions that can be used with the official OpenFOAM version.

What does it actually do?

OpenFOAM is aimed at solving continuum mechanical problems. Continuum mechanics deals with the analysis of kinematics and the mechanical behavior of materials modeled as a continuous mass rather than as discrete particles.

OpenFOAM has an extensive range of features to solve complex gas/fluid flows involving chemical reactions, turbulence, heat transfer, solid dynamics, electromagnetics and much more!

The software suite is used widely in the engineering and scientific fields concerning simulations of fluid flows in pipes, engines, combustion chambers, pumps and other diverse use cases.

 

How is it used?

In general, the workflow adheres to the following steps:

  • pre-process
    • physical modeling
    • input mesh generation
    • visualizing the input geometry
    • setting simulation parameters
  • solving
    • running the simulation
  •  post-process
    • examining output data
    • visualizing the output data
    • refining the simulation parameters
    • rerunning the simulation to achieve desired results

Later we will see an example of a 2d water flow simulation following these steps.

 

What can Seravo do to help a customer running OpenFOAM?

Seravo can help your organization by building and maintaining a platform for running OpenFOAM and related software.

Our services include:

  • installing the host platform OS
  • host platform security updates and maintenance
  • compiling, installing and updating the OpenFOAM and OpenFOAM-extend suites
  • cluster set-up and maintenance
  • remote use of visualization software

Seravo has provided above-mentioned services in building a multinode OpenFOAM cluster to its customers.

 

OpenFOAM example: a simplified laminar flow 2d-simulation of a breaking water dam hitting an obstacle in an open container

N.B. Some steps are omitted for brevity!

Input files for simulation are ascii text files with defined open format.

Inside the working directory of a simulation case, we have many files defining the simulation environment and parameters, for example (click filename for sample view):

  • constant/polyMesh/blockMeshDict
    • defines the physical geometries; walls, water, air
  • system/controlDict
    • simulation parameters that define the time range and granularity of the run
  • constant/transportProperties
    • defines material properties of air and water used in simulation
  • numerous other control files define properties such as gravitational acceleration, physical properties of the container materials and so on

In this example, the simulated timeframe will be one second with output snapshot every 0,01 seconds.

OpenFOAM simulation input geometry

OpenFOAM simulation input geometry

 

After input files have been massaged to desired consistency, commands are executed to check and process the input files for actual simulation run:

  1. process input mesh (blockMesh)
  2. initialize input conditions (setFields)
  3. optional: visually inspect start conditions (paraFoam/paraview)

Solver application in this case will be OpenFOAM provided “interFoam”, which is a solver for 2 incompressible fluids. It tracks the material interfaces and mesh motion.

After setup, the simulation is executed by running the interFoam command (sample output).

OpenFOAM cluster running full steam on 40 CPU cores.

OpenFOAM cluster running simulation full steam on 40 CPU cores.

After about 40 seconds, the simulation is complete and results can be visualized and inspected with ParaView:

Simulation output at 0 seconds.

Simulation output at 0 seconds.

Simulation output at 0,2 seconds.

Simulation output at 0,2 seconds.

 

And here is a fancy gif animation of the whole simulation output covering one second of time:

dambreak

 

Written by Tero Auvinen

April 10th, 2015 at 4:27 am

IPv6 – Set Up An IPv6 LAN with Linux

without comments

Setting up an IPv6 LAN with Linux? Ever wonder how to do that? For years we have heard the dire predictions about the impending doom of IPv4 and the imminent arrival of IPv6. As with any eschatological  predictions you either choose to ignore it and hope for the best, or you could prepare for the event as best one can. So far the former strategy has served many sysadmins well and prooved to be an effective strategy .

If however, you decided to gird your loins and face IPv6 head on, you probably quickly discovered, that although there is a lot out there about the theory of IPv6 there is very little in the way of practical how tos when it comes to setting up an IPv6 LAN.  What makes understanding IPv6  troublesome is the complexity of working in a mixed environment of IPv4 and IPv6. This complexity becomes evident when one tries to connect to an external IPv6 network or the Internet which is still predominantly IPv4.

Steps to Set Up an IPv6 LAN

This blog posts break this down into two separate problems:

  1. Seting up  an IPv6 LAN network with Linux,
  2. Connecting your IPv6 network to the Internet

If you separate these two issues out its much easier to figure out what you need to do. Both of these steps have issues that need to be understood before the IPv6 "ah-hah" moment. Once that happens you will also have the "oh no" moment which might help you understand why there is such slow movement on IPv6 adoption.

In the first  part we will configure an Ubuntu 14.10 server to manage an  IPv6 LAN. In the 2nd part  we will deal with the myriad of options to connect an IPv6 network to the internet.

IPv6 Addressing - Some Theory

First we need to cover some theory on IPv6 addresses. There is a lot of article covering IPv6 addressing on the web, so I will just summarize what you need to know to proceed with setting up an IPv6 network. There are some nuances and subtleties we will brush over to provide you with a working conceptual model.

  • IPv6 addresses consist of 8 groups of 16 bit hexadecimal numbers to give a total address of 128 bits.  (See Global addresses below for explanation of the 2001:0db8::/32 address block.)
    • 2001:0db8:85a3:0000:0000:8a2e:0370:7334
    • 2001:db8:85a3:0:0:8a2e:370:7334 -> leading zeros (0) are dropped and in the case of a group of zeros (0000) it is reduced to just 0,
    • 2001:db8:85a3::8a2e:370:7334 -> lastly consecutive zeros are simply replaced with an empty double colon ::
  • The first 4 group of hexadecimal numbers of an address, 64 bits of the 128 bits,  is the network prefix (network mask). All IPv6 networks have a 64 bit network prefix,
  • The remaining 64 bits are the host identifier,

Sometime you will see an addresses listed with a prefix such as /48 or /56 etc. This does not mean that 16 (64-48) or 8 (64-56) bits of the 64 network prefix has been reserved for use by hosts as with IPv4 CIDR. The network address is always 64 bits long.

This notation refers to a block of networks. i.e all networks that begin with the first 48 or 56 bits set as specified. This is known as a routing prefix  and is used in routing rules, resulting in smaller routing tables. It is also used for when you are assigned a block of IPv6 networks.

The idea with IPv6 is that you should be assigned a block of networks by your ISP or IANA instead of a single host address or single IPv4 network as currently happens with IPv4.

The remaining bits of the network prefix 16 (64-48) or 8 (64-56) are called the subnet id. So the routing prefix +  subnet id make up the network prefix of an IPv6 address.  Dont' be confused by the use of the word subnet in subnet id.It is not an IPv4 subnet mask. It is simple the part of the network prefix you get to assign yourself as the administrator of that block of network addresses. 

So if you get an IPv6 address block with a 56 bit routing prefix it means you can have 255 (28)  networks each with  1.844674407×10¹⁹ (264) hosts!. Its up to you to determine how the subnet portion is used to create the network address. So if you are given a block of IPv6 network such as fdc8:282a:f54c::/48 it means you can have 216 networks. Your networks addresses are :

  • fdc8:282a:f54c:1::/64 
  • fdc8:282a:f54c:2:/64
  • ... 
  • fdc8:282a:f54c:ffff:/64

We wil come to the host identifier portion later later. The IPv6 network address space has been "sliced up" into different blocks. What you need to know about these blocks is given below: (each address block is explained further later)

Special IPv6 Address Blocks
Name Prefix Explanation
Link Local fe80::/10 Although this routing prefix is only 10 bits leaving 54 bits for up to 254 networks only one subnet id has been allocated so far by the specification which is fe80:0:0:0 or  fe80::/64
Unique Local Addresses(ULA) fc00::/7 Although this routing prefix is only 7 bits, the 8th bit must always be 1 according to the spec. So what you will see in practice is fd00::/7. At some later point we may see fc00::/7. We will be using this address block in our setup.
Global Addresses  2001::/23  Global addresses will in fact be most of the address space of IPv6  So far the 2001::/23 block has been assinged and this is what you are likely to see in practice until further blocks are assigned to regional registrars. Within this some addresses have been reserved for a special purpose such as 2001:0db8::/32 which is reserved for documentation so if anyone copies it it won't actually route. To see what block have been assigned see the IANA site. 

 
For more information on the address blocks see the IANA site

Set Up an IPv6 LAN with Linux

We will set up an IPv6 network incrementally. We will start with the simplest and most trivial IPv6 and add services as we go. This will help us arrive at a understanding of how the various services fit together. We will go from the simplest IPv6 network to one which has all the basic network services required of a business network.

Simplest IPv6 Network - Link Local Only

To setup the simplest IPv6 network you just have to boot up a host or two with a IPv6 enabled operating system such as Ubuntu. Open a terminal and type:

"ip -6 address list"

You should see output similar to the following:

1: lo: mtu 65536 ,up,lower_up>
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qlen 1000
inet6 fe80::922b:34ff:fe7b:6ff1/64 scope link
valid_lft forever preferred_lft forever
,multicast,up,lower_up>
,up,lower_up>

IPv6 link local  addresses have been assigned automatically to any interfaces that you have. The IPv6 localhost address (IPv4 127.0.0.1) is ::1/128. You can do the same on another host to gets it IPv6 link local address and then do a IPv6 ping with "ping6" - note the 6.

"ping6 fe80::922b:34ff:fe7b:6ff1"

The fe80::/64 network prefix is the link local network as explained in the table above. It should be the only IPv6 network address you will see across different physical networks. In fact every host on an IPv6 network must have an link local address (fe80::/64).

Host Identifier Generation

The host identifier portion of the link local address, the remaining 64 bits, is generated from the mac address with a algorithm applied to extend the 48 bit mac address to the 64 bit host address required for IPv6. See EUI64 for the algorithm used. The host identifier may also be manually assigned by the system administrator. This introduces the risk of duplicate IP addresses being assigned, so IPv6 has a duplicate address detection protocol that allows hosts to determine if there is a conflict before assigning itself an address.

In most cases you will let this be automatically generated. In IPv4 initially IP address had to be manually assigned or assigned via a DHCP server. Later the 169.254/16 address range was reserved for auto-configuration in IPv4 network. Unlike IPv4 your interfaces will always have an fe80::64 address, it is not used instead of a valid IPv6 address. In IPv6 your interfaces will typically have multiple IP addresses. 

Why do you need a Link Local Address?

IPv6 configuration is done using layer 3 (network layer) protocols and not layer 2 (media layer eg. Ethernet) as with IPv4; so a valid IPv6 address is required before any additional configuration can be done. Of couese it also allows for zero config simple networks.

Pros and Cons of Link Local Network

With a link local address you can communicate with other IPv6 hosts on the local network segment or broadcast domain. i.e the same switch or shared media network. So for a home LAN not connected to the internet this is all that is required. You can connect to your printer, Smart TV, PlayStation etc automatically using protocols such as UPnP and multicast DNS (ZeroConf).  Connecting to the internet, or a network in a different physical network or logical network, will require a bit more work.

Set Up A Routable IPv6 Network

If this all there was too it then we could all go home. But if you start to think about it you will begin to have some doubts as to how useful a link local only IPv6 network is.

  • How do I assigned the same address to a host every time without doing it manually? (it is possible for a nodes host identifier to change between reboot if there is a conflict) 
  • What if I change the NIC and get a different IP address?
  • How do I configure the hosts for routes and other services such as DNS, NTP etc?
  • How do I communicate between two internal networks separated by a router or WAN link?

To address these issues you need to assign yourself a non-site local address. This can be a unique local address (ula) or a global address. For a global address you will need to get an IPv6 network block from your ISP or get one assigned to you by IANA. So we will make use of a ULA address which you can assign yourself.

What is the difference between a ULA and a Global address?  

By convention a ULA is not routed over the public internet. Routers on the public IPv6 network should refuse to route such traffic in a similar manner to private IPv4 addresses. Essentially there should be no routing entries in the routers responsible for internet traffic, making them unreachable from outside an organisation.

If you are going to start experimenting with IPv6 there are two reasons to use a ULA

  •  you should start with a ULA address to avoid any mis-configuration disasters.
  • It might be hard to get a global IPv6 address assigned to you. There are very few ISP handing out IPv6 network addresses currently so in some cases its the only choice available to you.

Unique Local Addresses

One feature of unique local addresses is that they should be different for every network you see. Unlike IPv4 where private addresses (196.128/16, 10/8 and 172.16/16) meant there are often networks with the same network mask - eg nearly every home and office has a  network with the network mask of 192.168.1.0/24 address or 10.0.0.0/24 range; you might never see a duplicate IPv6 ULA network address. This is because only the first 8 bits of the network prefix are fixed at "fd". The remaining 56 bits of the netowrk prefix, the subnet id, can be randomly selected. System administrators are meant to create the subnet id themselves. A handy way to generate the subnet id for the ULA is to use a site like unique-local-ipv6.com. From here you will get a /48 address range meaning you can have up to 65356 private networks!

Its generally a good idea to use a random subnet id rather than generate one like fd01:1:1:1::0/64 as this increase your chance of a conflict. Why would you be worried about a conflict if these are not routable? Have you ever had to merge two network that had the same IPv4 address range? Have you ever tried to setup a VPN between two network with the same IP network range?

Global Addresses

Global address will be assigned to you by an ISP unless you get your own block and tell your ISP to route it to you. So much like you get a public IP address from your ISP for IPv4 you will in future, get an IPv6 network address range when you dial up. Note: not a single IP address but a whole block of IPv6 addresses. Depending on your ISP you may get only one network or be assigned a block with multiple networks. In this case the router will received the network address prefix to use on your network. It will work the same as for the steps below except instead of a ULA network it will be a global address. Note you don't get assigned a full IPv6 address. You get the network prefix.

So to summarise. You will need at least two  IPv6 addresses for each interface if you want to do normal networkng tasks like route between network. A link local which is always present and at least one ULA or global address or perhaps all three!

For our exercise we will use ULA addresses to setup an IPv6 only LAN.

Set Up an ULA IPv6 Network in Linux

You can setup the following on a network that is already configured for IPv4. You can run IPv6 in parrallel with IPv4. This is known as a dual stack setup. Once done you can stop the IPv4 services and run the network on IPv6 only or keep it dual stack. One reason to test without IPv4 infrastructure running is to convince yourself that your network really is working over IPv6.

Ok, now that some theory is out the way on to how to practically setup an IPv6 only LAN. First we need some more theory :( We have already seen how a link local address is assigned. But how is the ULA network prefix assigned and how are default routes set up? For this IPv6 makes use of a router advertisment service that runs on the local network router. Once an link local address has been assinged the host will ask (solicit) any routers for configuration information. The router response with a router advertisment. This advertisment contains the ULA prefix and the address of the router for the default route. Initially the router did not provide a DNS address but this was later added so a node now has an ULA IPv6 address and a default gateway and all should be good. One thing to note here is the host is not provided with an IPv6 address. It is just provided with the network prefix and its up to the host to generate the host portion of the address. This is known as stateless address assignmetn. The router does not assign an address per se. it has no idea what address have been assigned to hosts. Hence the stateless in the term stateless automatic address configuration (SLAAC)


First assign the router a static IPv6 address from the ULA network:

sudo vi /etc/network/interfaces

auto eth0
iface eth0 inet6 static
   address fd5d:12c9:2201:1::1
   netmask 64
   autoconf 0
   dad-attempts 0
   accept_ra 0

This sets up a static IPv6 address in our range for our Linux router.

sudo apt-get install radvd

vi /etc/radvd.conf

interface eth0
{
        AdvSendAdvert on;
        prefix fd5d:12c9:2201:1::1/64 {
                AdvOnLink on;
                AdvAutonomous on;
        };
    #Send DNS Server setting if not using Dynamic DNS updates
    RDNSS fd5d:12c9:2201:1::2{
    };
};

Restart the service and then on a client restart the network. You should see two IPv6 address on your network card. "ip -6 address list". You can ping the router with the ping6 utility:

"ping6 fd5d:12c9:2201:1::1" if this doesn't work try "ping6 fd5d:12c9:2201:1::1 -I eth0" -> Use the interface with the assigned IPv6 address

Congratulations you have an IPv6 network up and running.

Step 2

Now several questions arise:

1) What is I want to send down other configuration information such as the NTP or SMTP server settings?
2) What is I want to make sure the same IPv6 address always get assigned to a server like the NTP or SMPT server?
3) What is I want to track IP address assignement?
4) What if I want to provide dynamic updates to the local DNS server?

To use DHCP you need to configure the radvd service to tell all nodes to contact a DHCP server. You can configure radvd to tell the nodes to contact the DHCP server for configuration info only or to get configuration information and IP address from the DHCP server. We will use DHCP to send configuration information such as DNS servers and to assign IP addresses:

interface eth0
{
        AdvSendAdvert on;
        prefix fd5d:12c9:2201:1::1/64 {
                AdvOnLink on;
                AdvAutonomous on;
                AdvManagedFlag on; # get a full IP address from the DHCP server
                AdvOtherConfigFlag on; # get other configuration info from the DHCP server
        };
};

 

Setting up DHCP6 is similar to DHCP for IPv4. We will use the isc-dhcpd-server

"apt-get install isc-dhcp-server"


Create a file /etc/dhcpd/dhcpd6.conf with the following entries:


ddns-update-style interim;
ddns-updates on;

update-conflict-detection false;
update-optimization false;

option domain-name "jumpingbean.co.za";
option dhcp6.name-servers fd5d:12c9:2201:1::2;

default-lease-time 600;
max-lease-time 7200;
include "/etc/dhcp/rndc.key";

log-facility local7;

zone jumpingbean.co.za. {
        primary 127.0.0.1;
        key rndc-key;
}


zone 1.0.0.0.1.0.2.2.c.9.2.1.d.5.d.f {
        primary 127.0.0.1;
        key rndc-key;
}


subnet6 fd5d:12c9:2201:1::/64 {
        range6 fd5d:12c9:2201:1::100 fd5d:12c9:2201:1::200;
}


Here we setup the DHCP server to provide the DNS server and also specify which Zone file should be updated in the local DNS server when an address is assigned. These are the "zone" entries about and play the same role as zone entries when you configure IPv4 dhcp server. We also set the DNS server and domain name to use on nodes. Note you can run an IPv4 and IPv6 DHCP server in parallel as they listen on different ports.

Note: To setup a fixed IPv6 address in DHCPv6 you make use of a DUID (Device Unique ID) which is not the mac address which is used for IPv4 DHCP. The DUID is assinged by the operating system and remains the same even if network cards change. 

host example {
  host-identifier option dhcp6.client-id 31:30:30:30:30:31:33;
  fixed-address6 fd5d:12c9:2201:1::101;
}

I am not aware of a way to get the DUID in Linux other than by looking in the leases file on the DHCP server. A binary copy of the node DUID can be found at /var/lib/dhcpv6/dhcp6s_duid. If anyone knows how to read this file please let the internet know :)

To start the isc-dhcp server with the option "-6". You can set this in /etc/defaults/isc-dhcpd-server "OPTIONS="-6". On Ubuntu 14.10 this is ignored and it start in IPv4 mode. To get the dhcp server to start in DHCPv6 mode add this to the /etc/rc.local file as a temporary solution.

dhcpd -6  -cf /etc/dhcp/dhcpd6.conf -lf /var/lib/dhcp/dhcpd6.leases eth0

You might also have apparmour complain about the lease file if you try and write it to a different location. You can either stop apparmor or configure the dhcp server to write to location that its profile supports writing to.


/etc/bind/named.conf.options

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable 
        // nameservers, you probably want to use them as forwarders.  
        // Uncomment the following block, and insert the addresses replacing 
        // the all-0's placeholder.

         forwarders {
                8.8.8.8;
                4.4.4.4;
         };

        dns64 fd5d:12c9:2201:1:1:1::/96 {
                clients {
                        any;
                };

                exclude {
                        any;
                };
        };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };

};


/etc/named/named.conf.local

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
include "/etc/bind/rndc.key";

zone "jozilug.co.za" {
        type master;
        allow-update { key rndc-key; };
        file "/var/lib/bind/jozilug.co.za";
};


zone "1.0.0.0.1.0.2.2.9.c.2.1.d.5.d.f.ip6.arpa" {
        type master;
        file "/var/lib/bind/fd5d:129c:2201:1";
        allow-update { key rndc-key; };
};

 

/var/lib/bind/jozilug.co.za

Zone file

$ORIGIN .
$TTL 604800     ; 1 week
jozilug.co.za           IN SOA  jozilug.co.za. admin.jozilug.co.za. (
                                182        ; serial
                                604800     ; refresh (1 week)
                                86400      ; retry (1 day)
                                2419200    ; expire (4 weeks)
                                604800     ; minimum (1 week)
                                )
                        NS      ns.jozilug.co.za.
                        A       127.0.0.1
                        AAAA    ::1
$ORIGIN jozilug.co.za.
$TTL 300        ; 5 minutes
android-a74e95670198fd6a A      10.0.10.4
                        TXT     "0002ec64161ce51591018b9eb0a01ae6b9"
$TTL 604800     ; 1 week
gateway                 AAAA    fd5d:12c9:2201:1::2
ns                      AAAA    fd5d:12c9:2201:1::2
$TTL 300        ; 5 minutes
trinity                 A       10.0.10.3
$TTL 187        ; 3 minutes 7 seconds
                        TXT     "025c83d7b0b5ca62d26381f057fbeed483"


/var/lib/bind/fd5d:129c:2201:1

;
; BIND reverse data file for broadcast zone
;
$TTL    604800
@       IN      SOA     ns.jozilug.co.za. admin.jozilug.co.za (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.jozilug.co.za.       

2.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.1.0.2.2.9.c.2.1.d.5.d.f.ip6.arpa.       IN      PTR     ns.jozilug.co.za


After all of this you will now have a fully functioning IPv6 LAN. We can now move to the 2nd problem how do I connect to the internet? At the time of writing this article the most common occurrence is for an ISP to assign a single IPv4 address to your router. As IPv6 becomes more widely adopted this will change and the step below will not be relevant. The issue is that IPv6 services cannot be access via an IPv4 address and IPv4 services cannot be natively connected from an IPv6 only host. So there is a transition pahse where both protocols will need to be present or a kludge will need to be used to convert from IPv4 to IPv6 and vica-versa. For the sake of simplicity we will assume an IPv4 address on the router and assume, at this point you only need to connect to IPv4 hosts on the internet. To enable an IPv6 only network to connect to the IPv4 network we can make use of nat64. This protocol converts all IPv6 addresses to a pool of IPv4 addresses and then routes the request to the ISP. This means there will be double natting which is not ideal.

Alternatively you can keep a dual stack and then setup a IPv6 tunnel at one of the well known tunnel brokers such as Hurricane Electric.

Written by Mark Clarke

April 5th, 2015 at 10:05 am

Posted in Uncategorized

Network Tunnels with Linux

without comments

Creating network tunnels in Linux is easy and provides a great solution to what might otherwise be difficult to solve networking problems. Most people are familiar with tunnels as they are used to create virtual private networks (VPN) to connect remote sites or remote hosts to a central site securely, allowing the remote network to be accessed as if it is local.  

 

Using Linux's IPRoute2 Utilities to create tunnels

In Linux we make use of the IPRoute2 utilities to create tunnels and to manage the,. Although you can use ifconfig to managed tunnels this is an aging and no longer adequate utility to manage networks. The ip utility can create gre or ipip (ip in ip) tunnels for both IPv4 and IPv6 networks. These tunnels are not natively encrypted so any encryption would need to be done at the layer 7 level to avoid eave-dropping. Of course you can also create secure tunnels easily using SSH as a SOCK proxy but this requires application level support to use the tunnel so not all traffic will go over the SOCK tunnel.

Creating tunnels involves three steps which must be performed on the two hosts that are participating in the tunnel:

  1. Create a logical tunnel device,
  2. Assign an IP address to the device
  3. Set up routing rules to route traffic over the tunnel

Each host is the mirror of the other when it comes to creating rules. E.G. The remote ip for host 1 is the local ip for host 2 and visa-versa.

1. Create the logical tunnel interface. The type of tunnel will depend on your needs either ipip, gre.sit etc.

"ip tunnel add tun0 mode ipip local [hosts  public ip] remote [remote hosts public ip]"
eg: "ip tunnel add tun0 mode ipip local 105.105.105.105 remote 41.41.41.41"

2. Assign an ip to the tunnel interface

"ip address add [private ip address] dev tun0"
"ip address add 192.168.12.2 dev tun0"

This private ip address is usually separate from the network address of the local network. It is a network that is for the tunnel only. The remote tunnel should be assigned an different address in the same netowork as its counterpart.

3. Add routing rules to the route traffic over the tunnel:

"ip route add [remote network]/24 via [remote tunnels IP address]"
"ip route add 10.0.10.0/24 via 192.168.12.2"

The above assumes that the remote host is on a network with a network address of 10.0.10/24. The local network could for example be 172.16.16/24 for example. The remote host will need to add a route for this network through the tunnel.

Uses for unencrypted tunnels

These days it generally not good practice to send anything out unencrypted. but you still might find a use for ipip or gre tunnels. They are a great way to bond ADSL connections or to create a seamless virtual network between hosts in different data centres and an absolute necessity to connect IPv6 networks swimming the sea of IPv4 networks.

Need Linux support and consulting or Linux training?  Why not contact us.

 

Written by Mark Clarke

April 3rd, 2015 at 10:22 am

Posted in Uncategorized

Do Something!

without comments

I'm a very opinionated person and I don't think that there is much I can do about that. Most of the time I try to not force my personal opinions on people, some of my friends and family might disagree, but I do honestly try. I like to think most people arrive at their opinions honestly and they represent a perspective, however different than mine, that is informed by things I might not be able to understand. I do know that my opinions on things have changed or maybe even evolved with time and I'd like to think we are all on a path headed towards our dreams. Maybe at different points on the path but still on a path. If I can help someone down the path with me, I try to do it. What I won't do is push someone to make ground on something by force.

In my own head I don't think I have a single personal philosophy that guides my life. Most of the time I feel like I'm drowning in my own self doubt. However, I do get put into the position of offering advice on peoples lives more than I'm comfortable with. Most of the time I just try my best to nudge people in a positive direction.

Lately however, I've been giving more and more thought to what I would call my personal brand of guiding wisdom. Now I obviously don't have the answer to eternal happiness, world peace or even how to not annoy the crap out of everyone by accident. The reality is, I'm pretty useless at making other peoples lives better most of the time, despite my grand ideas for changing the world.

What I do know is that when I'm at my most depressed or discouraged that I can always dig myself out. Even if it feels at the time like I never will. I don't have a magic silver bullet but I do know that every day I can chose to do at least one thing that makes my life or the life of those around me better and I think that mostly sums up my approach. As I've thought about it, I've boiled it down to something fairly concise.

"Do Something"

What I mean by that is you might not be able to control everything that happens to you and you also might not be able to control the way you feel about it. What you can do is move yourself down the path. Sometimes it's a moon surface leap and sometimes it's crawling through glass, but progress is progress. No, this won't guarantee your bills will get paid, you will save your marriage or heal a childhood pain. It might not even make you feel better. What it will do is put you a little closer, bit by bit.

If you are like me, most things feel overwhelming. I can be pretty hard on myself. I once told someone, "You can't say anything to me more hurtful than what I've said to myself." I think it might be one of the most honest things I've ever said. What I have found though that helps me more than anything, is doing something. Anything. As long as it's a positive step in the right direction. Even if it's just one small step with a million more to go, it's one step closer to my final destination.

No matter how small the gesture it can at least help you get into a better head space. It could be something for yourself, like getting chores you've been avoiding knocked out or something huge like finally telling someone how you care about them. You don't even have to do it for yourself. Sometimes when I'm at my lowest it helps to think about the things I wish others where doing for me at that moment and do it for someone else. One example is, for my own narcissistic reasons, I really like things I post to social media to get liked by my friends and family. Sometimes a post that I feel really strongly about or connected to will get almost completely ignored and it will send me into a tailspin of self doubt. In all likely hood there are multitudes of reasons people didn't take the time to click "like", and most are probably not related to me or my personal feelings. So, even in this silliest of first world problem situations, I try to reach out to others, click like on things my friends post or leave a positive comment. I would never do this disingenuously. I'm always clicking like or give a positive comment to something I actually like. I'm just trying to go a little more out of the way to make someone else feel good.

Now, does this achieve anything measurable. Most of the time no. Most of my friends are likely unaware I do this. Does it suddenly make all my neurotic obsession over whether people like me go away? not at all. What it does though is put me at least half a step closer to feeling better and more often than not it's enough to give me a clear head to see the next step I need to take. Sometimes that next step is one of those moon surface leaps that I can't believe I didn't take before.

Don't get me wrong, I don't hinge my day to day feelings on these silly little acts. Mostly I've learned about myself that I really like the feeling of creating something so I try to focus on those kinds of activities. I have loads of hobbies and things that I do that keep me moving forward. I think those count too. What I try not to do is sit around and think of all the things I should be doing and know for sure I won't do. I'd rather focus on the things I can do than the things I can't.

So now I think I can feel a tiny bit more comfortable in offering someone advice. Just "Do Something." As long as it's positive progress, it's worth it. No matter your situation, you can at least do something to make it better. No matter how insignificant it might seem at the time. I even keep a small daily journal where I try to write down the positive things I did that day. I also write some of the negatives but as long as there is at least one positive, it helps.

So?!?!

Do Something!

That's the best I've got.

Written by Daniel Worth

April 2nd, 2015 at 8:45 pm

Posted in Uncategorized

Bad Voltage Season 1 Episode 39: Ambitious but Rubbish

without comments

Jono Bacon, Stuart Langridge and myself present Bad Voltage (without Bryan Lunduke who is currently struggling with an attack of Ebola), in which everything needs to be an order of magnitude better. Featuring flying bags of flammable liquid, 120 frames per second, and:

  • What needs to happen so that I can have a drone to deliver my pizza and pick up my shopping? Drawing a line through the technological, regulatory, and philosophical minefield standing between today and Jono’s Glorious Drone-Filled Future (2.40)
  • Tarus Balog speaks about OpenNMS, a network management system for big networks, and some recent changes in the project (27.01)
  • Jono reviews the Go Pro Hero 3+ silver edition extreme sports camera (45.24)
  • Jeremy Clarkson has been fired from Top Gear for hitting a colleague. We draw some fairly obvious parallels between the world of open source and this twin situation of standing up against unacceptable behaviour and whether a project is viable if a leading contributor is dismissed (59.38)

Listen to 1×39: Ambitious but Rubbish

As mentioned here, Bad Voltage is a project I’m proud to be a part of. From the Bad Voltage site: Every two weeks Bad Voltage delivers an amusing take on technology, Open Source, politics, music, and anything else we think is interesting, as well as interviews and reviews. Do note that Bad Voltage is in no way related to LinuxQuestions.org, and unlike LQ it will be decidedly NSFW. That said, head over to the Bad Voltage website, take a listen and let us know what you think.

–jeremy


Written by jeremy

April 2nd, 2015 at 8:57 am

Posted in Bad Voltage

Creating cylic redundancy check number for a file in linux

without comments

CRC stands for Cylic Redudancy Check.

According to wikipedia

A cyclic redundancy check (CRC) is an error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data. Blocks of data entering these systems get a short check value attached, based on the remainder of a polynomial division of their contents. On retrieval the calculation is repeated, and corrective action can be taken against presumed data corruption if the check values do not match.

ref: http://en.wikipedia.org/wiki/Cyclic_redundancy_check

So CRC is used when we want to ensure that the data being transmitted is error free. Now there are a number of methods to calculate the CRC and different types of CRC which ware listed out in the above mentioned CRC link of wikipedia.

Linux provides a simple command to find the CRC with out bothering about the mathematical details of the CRC calculation.

The command to calculate CRC of a text file is CRC32

The syntax is simple



Let us say we have a file called hello with the contents





Please note that as many times as you run the command, the CRC32 will remain the same as long as there is no change in the file. Note that even a space in the file change the CRC32.

Written by Tux Think

March 29th, 2015 at 12:15 pm

Posted in Commands

Bad Voltage Season 1 Episode 38: Easy Being Green

without comments

Bryan Lunduke, Jono Bacon, Stuart Langridge and myself present Bad Voltage, in which we decide to talk about Linux almost completely for the whole show. Featuring following the dare in the last show a great deal of OpenSuSE (or openSUSE or opensuse or possibly Open SUSE), green-coloured things, and:

  • If you want a thing fixed in an open source project, and you’re prepared to pay market rate for a developer to get it fixed… how do you find someone to pay to fix it? It seems harder than you might think (1.49)
  • We speak as part of this openSUSE-based show to Andrew Wafaa, long-time contributor and member of the openSUSE community board, about why he’s involved and where openSUSE stands with the rest of the free software community (19.30)
  • In the last show Bryan threw down a challenge to the other three to spend time using openSUSE and report back on their findings. We tried Gnome, KDE, and Enlightenment: now we talk about how that went and what we think about openSUSE as a whole (40.42)
  • We review the newly-released Dell M3800 laptop powerhouse (73.12)

Listen to 1×38: Easy Being Green

As mentioned here, Bad Voltage is a project I’m proud to be a part of. From the Bad Voltage site: Every two weeks Bad Voltage delivers an amusing take on technology, Open Source, politics, music, and anything else we think is interesting, as well as interviews and reviews. Do note that Bad Voltage is in no way related to LinuxQuestions.org, and unlike LQ it will be decidedly NSFW. That said, head over to the Bad Voltage website, take a listen and let us know what you think.

–jeremy


Written by jeremy

March 19th, 2015 at 1:07 pm

Posted in Bad Voltage