Archive for the ‘Networking’ Category.

m0n0wall under VMWare Server

Recently, the company I work for has been looking for a way to simulate poor or slow connections to the server component of their next software product. I’m sure you’d all agree that it’s important to know how well your server compensates for those with less than ideal Internet connectivity, so we decided to try out the traffic shaping facilities provided by m0n0wall.

Now, of course we have Cisco routers and the like, but setting them up for something like this could take ages. With m0n0wall, it’s all web interface, and therefore is far more intuitive. So far I’ve not got around to setting up the actual connectivity, but I thought I would make a post covering the nuances I experienced whilst installing it in a virtual environment.

Now, I find working with VMs fantastic in many respects, though it can sometimes be infuriating not to have physical hardware to work with when something isn’t right. Thankfully, I’ve recently learnt that diagnosing network faults and complexities surrounding VMs and their bridges is as simple as checking out the contents of /proc/vmnet/ (under Linux 2.6.x – don’t ask me about Windows!) and digesting the information contained therein.

As it turns out, I thought my host’s bridge configuration was wrong. After many different tests, and lots of cat’ing files within /proc/vmnet, I realised that I wasn’t doing anything wrong (well, maybe not directly; see below) with my host configuration. The ‘default’ NIC chipset used by VMWare Server is covered by the AMD PCNET32 driver. Under Gentoo/Windows this works great; however, it wouldn’t bring up the correct interfaces within m0n0wall. Cue my helpful colleague, who suggested adding an EthernetN.virtualDev = "e1000" line to the .vmx file, one for each NIC you have configured. In my example, this was simply a case of replicating the line for both ‘Ethernet0’ and ‘Ethernet1’ (but you may very well require a third NIC.)

Once m0n0wall was booted with the e1000 (A.K.A. Intel Gigabit) NICs, each one was described as ‘up’ immediately. But unfortunately, it was apparent that something else was also going wrong with the way I had chosen to setup the VM itself.

What really threw me was the inability of m0n0wall to intelligently use the hardware I provided it with. I configured a fairly generous machine (given the slim system requirements for m0n0wall) which included 96MB RAM and a 512MB IDE virtual drive. I mounted the CD ISO, and added a Floppy Disk drive with a blank disk.

However, even with a blank virtual floppy inserted, there was no provision for formatting this – and no complaint when m0n0wall attempted to save its configuration and couldn’t. On top of that, why was it preferring the FDD over the HDD? Granted, neither was formatted, but I didn’t think it would be too hard to provide some warning or message regarding your choice of non-volatile storage.

So, I needed a formatted virtual floppy image. I couldn’t help thinking how annoying the following options would be:

    Power off a (live) Windows guest to add an FDD
    Re-compile a Gentoo VM for FDD support, and add the FDD whilst it’s off
    Install VMWare on my workstation so I could install XP/Gentoo, just to format an FDD

How about no.

In the end I opted for using a Gentoo (minimal) live CD on the VM I had already prepared for m0n0wall. Using the links browser (yep, the bridging worked just fine) to obtain the latest CF card .img file, I issued the command:

gunzip -c generic-pc-x.xxx.img | dd of=/dev/hda bs=16k

Which unpacks the image and copies it to the block device (no need to format or partition.) Do double-check that /dev/hda really is the virtual IDE disk (dmesg will tell you) before pointing dd at it, because dd will happily overwrite whatever device you name.

After that, I abandoned the idea of the CDROM/FDD combo, removed their devices from the VM configuration and started it up again. Of course this time it booted straight from the image on the HDD, and coupled with the ‘new’ NICs, everything began working as it should. I had a web interface in no time at all. :)

My words of wisdom? Forget using the CD ROM ISO image! Another little tip I could offer would be to edit the scsi0.present = "TRUE" attribute in the .vmx file to read "FALSE". You don’t need it, but for some reason you can’t disable it from the VMWare console. It helped to speed up m0n0wall’s boot time, by removing the need to ‘wait at least 15 seconds for SCSI devices to settle’. ;)
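The two .vmx edits above (an e1000 virtualDev line for every configured NIC, and scsi0.present forced to FALSE) are easy to fumble by hand when a guest has three or four NICs, so here is an added example, not part of the original post, that applies them to any .vmx file: it parses the key = "value" lines, finds every ethernetN.present = "TRUE" entry and sets or appends the matching ethernetN.virtualDev, then switches scsi0 off. The sample .vmx embedded below is constructed for the example; the key names are the real VMware ones, with "vlance" being the AMD PCnet adapter the post describes as the default (VMware is not case-sensitive about these keys, hence the post’s EthernetN spelling). Run it with the VM powered off.

```python
"""Added example: rewrite a VMware Server .vmx so m0n0wall gets e1000 NICs.

Not from the original post. It applies the two edits described there:
  * ethernetN.virtualDev = "e1000" for every NIC with ethernetN.present = "TRUE"
  * scsi0.present = "FALSE" so the guest stops waiting for SCSI devices to settle
"""
import re
import shutil
import sys

# A .vmx is a flat list of   key = "value"   lines. Keys may contain ':' (e.g. ide0:0.present).
_KV = re.compile(r'^\s*([A-Za-z0-9_.:-]+)\s*=\s*"(.*)"\s*$')
_NIC = re.compile(r"ethernet(\d+)\.present")

# Constructed sample: a two-NIC guest still using the default PCnet ("vlance") adapters.
SAMPLE_VMX = """\
config.version = "8"
virtualHW.version = "4"
displayName = "m0n0wall"
memsize = "96"
ide0:0.present = "TRUE"
ide0:0.fileName = "m0n0wall.vmdk"
scsi0.present = "TRUE"
scsi0.virtualDev = "lsilogic"
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
ethernet0.virtualDev = "vlance"
ethernet1.present = "TRUE"
ethernet1.connectionType = "custom"
ethernet1.vnet = "/dev/vmnet2"
ethernet2.present = "FALSE"
"""


def parse_vmx(text):
    """Return a list of (key, value); lines that are not key = "value" come back as (None, line)."""
    entries = []
    for line in text.splitlines():
        m = _KV.match(line)
        entries.append((m.group(1), m.group(2)) if m else (None, line))
    return entries


def render_vmx(entries):
    """Inverse of parse_vmx; non key/value lines are passed through untouched."""
    out = []
    for key, value in entries:
        out.append(value if key is None else f'{key} = "{value}"')
    return "\n".join(out) + "\n"


def fix_vmx(text, nic_model="e1000", drop_scsi=True):
    """Return (new_text, nic_indexes). Existing virtualDev lines are replaced, missing ones appended."""
    entries = parse_vmx(text)
    # VMware treats these keys case-insensitively, so index them lower-cased.
    index = {k.lower(): i for i, (k, _) in enumerate(entries) if k is not None}

    nics = []
    for key, i in index.items():
        m = _NIC.fullmatch(key)
        if m and entries[i][1].upper() == "TRUE":
            nics.append(int(m.group(1)))
    nics.sort()

    for n in nics:
        key = f"ethernet{n}.virtualDev"
        i = index.get(key.lower())
        if i is None:
            entries.append((key, nic_model))  # key order is not significant in a .vmx
        else:
            entries[i] = (entries[i][0], nic_model)

    if drop_scsi and "scsi0.present" in index:
        i = index["scsi0.present"]
        entries[i] = (entries[i][0], "FALSE")

    return render_vmx(entries), nics


if __name__ == "__main__":
    # Usage: python fix_vmx.py guest.vmx   (keeps guest.vmx.bak; run with the VM powered off)
    path = sys.argv[1]
    with open(path) as fh:
        original = fh.read()
    shutil.copyfile(path, path + ".bak")
    new_text, nics = fix_vmx(original)
    with open(path, "w") as fh:
        fh.write(new_text)
    print(f"set virtualDev={'e1000'} on ethernet{nics} and disabled scsi0 in {path}")
```

NICs whose ethernetN.present is "FALSE" are deliberately left alone, and running the script twice is a no-op, so it is safe to re-apply after the VMware console has rewritten the file.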

Over-all, I’m quite liking it so far. I may write again soon with some reflections. In the mean time, where did I put that WRAP box? ;)

The Cisco IOS copy command

Update: On my last trip to the hosting facility where this router’s stored, I took the opportunity to test the theory of a non-Cisco CF card knobbling the successful restart of a router. I was sure I’d checked already, but I wanted to be certain.

Thankfully, it restarted without a hitch. So I guess there’s zero cause for alarm. :)

I know I’ve not written on this log in a long while; I’ve been so busy following the departure of my predecessor, that it’s left me with little time (or will) to write about technology. More to come on this though. I’m still meant to be using this blog as a placement log, so I should really document what I’m doing.

Anyhow, as it happens I’m sat with very little to do at the minute, so I thought I’d write about something that really got me annoyed a week or so ago.

OK, so anyone who’s had the pleasure of setting up a VoIP system based around Cisco CME will know that the flash: directory rapidly fills up with a tonne of files. Config files, language files, firmware files… basically, a lot of individual little files inhabit your CF card.

Now, on a recent trip to our co-location facility of choice, I wanted to take the opportunity to upgrade the flash card in our voice router. This is a 2811, with the basic 64MB CF card pre-installed, and recently it’s become a pain in the arse working with newer phones (7941s, in my case) because the firmware files were just taking up too much room. Not to mention you’re only left with ~14MB free after uploading the IOS image.

So I purchased a 256MB CF card for about £8 inc. delivery (a mere shadow of the £202-400+ that Cisco wanted for a god-damn CF card of the same size!) and grabbed an ordinary USB flash drive to use as temporary storage whilst shifting files from one card to the other.

Now, when you’re deleting files en masse from a Cisco flash: directory, it’s possible to use wildcards in order to catch multiple, similarly-named files and delete them all in turn. Which is quite useful if you’re working with 20 config files that all begin with ‘SEPSomethingOrOther’. So given this (20th Century) functionality is included, one would assume that Cisco would have included wildcards in the copy command too…

Have they bollocks!
RouterX# copy flash:its\SEP* usbflash0:
LOL * IS NOT A VALID FILENAME CHARACTER

RouterX# copy flash:its usbflash0:
LOL CAN'T COPY FOLDERS!

So not only is it too daft to recognise ‘*’ as ‘please copy anything that begins with the preceding phrase’, it’s also completely unable to copy an entire directory! I cannot believe that Cisco are up to release 12.4(15) and haven’t included some way of copying files en masse.

It took me bloody ages to copy each of the 62 files from flash: to usbflash0:, swap the CF cards over, and then copy 62 files back to the new CF card. What a horrid waste of time, Cisco.

My good friends at Cisco: if you’re reading this, for the sake of all that’s useful, bloody-well sort it out!

My ‘lesswires’ success story

I’ve decided that due to the immensely impressive way in which my network setup at home has turned out, it should be forever-stripped of that horrid, derogatory phrase, ‘wireless’.

Any systems administrator, network engineer or even anyone with a slight technical strain in them will most likely tell you to avoid wireless networking like the plague. If you want to retain the ideal of hassle-free and reliable networking, aside from simple light-user access, it’s quite often just a big pain in the arse.

However, you may remember that I wanted to create a wireless bridge from my bedroom to the opposite side of my flat, where I was to have another router that would be connected to the ADSL. I didn’t want to simply buy a wireless card for my PC as I’m running Ubuntu 99% of the time, and as good as it is, Ubuntu hasn’t been able to magically write a bunch of WNIC drivers just yet. Using a bridge also means that I can share the link with other devices (like a phone, or a second PC) without having to worry about running a temporary cable or finding them a WNIC.

Well, after conducting my research into simple wired-to-wireless bridges and finding them all to be wank, I’ve ended up with a Linksys WRT54GL (flashed with the DD-WRT firmware) that performs wired-to-wireless bridging to a Netgear DG834GT access point, which is actually located on the opposite side of my flat. The ADSL connection is in fact ADSL2+, and with the exchange roughly 300m of wire away, it syncs at 18.9Mbit/sec with 7dB SNR. If I log in to the Netgear router via telnet, I can tweak the SNR and get as close to the theoretical maximum of 24Mbit/sec as 21.9Mbit/sec (SNR @ 2.3dB). In real money, this means 2.2MB/sec downloads from the right server…

There’s a little extra latency due to the wireless bridge, but in reality this is still insignificant – the bulk of the RTT to our voice router (hosted in the UK) can be attributed to the ADSL network. Though it’s only an average of 40ms in total. :D

So a great success, if I do say so myself! I don’t think I’ve ever been more impressed with the capabilities of a £35 router. With nothing more than a firmware update, you can transform it into a BGP/OSPF/wireless bridge/client/VPN endpoint/router/managed switch… It’s endlessly impressive. And if you think about the alternatives: it could have cost me £35 for a decent wireless NIC, and would that WNIC have supported up to 4 devices with next to zero configuration? I think NOT! :D

Yes, I’m very impressed with how my network has turned out. Aside from a great location and a killer ADSL2+ connection, it’s working so well due to good hardware. The Netgear has impressed me somewhat – it’s solid, configurable and worth the money I paid for it. I’d definitely recommend it again, but then it’s still no 54GL – DD-WRT has made that router the star of the show… If only they supported a router with an ADSL modem!

Finding the connection

It’s taken a little time, but this Saturday saw the installation of a BT land line in my flat. It’s not going to be used for calls though, no, this is purely for Broadband. And that means, the best broadband I can lay my hands on.

I had originally anticipated ordering a connection from BeBroadband, which would give me an ADSL2+ speed of up to 24Mbit/1.4Mbit on a 3-month contract, with no fixed download limits and all for £25/month. There was a £25 connection fee but that included their ‘BeBox’ ADSL modem, so not at all unreasonable.

But to my utter disappointment it appears that they haven’t enabled my exchange. The centre of Birmingham – B1 for crying out-loud – and they haven’t bothered! Here at work we have a fantastic Be connection, as does a colleague (or two) of mine. All located in other parts of Birmingham. Yet I’m not eligible, apparently? Considering where I live, and what sort of area it is, it makes little to no sense.

So I had a look at SamKnows, who state that only Easynet and Bulldog have actually installed their LLU equipment in my exchange. Bulldog wouldn’t be bad, though their ADSL2+ service is limited to 16Mbit and also requires that you transfer your landline over to them, which isn’t something that I can do.

So UKOnline, who resell via Easynet, were my choice. One of the companies my employers deal with often does actually have a UKOnline ADSL2+ connection and it’s been quite favourable. Granted though, the connection is definitely down on Be’s: only 22Mbit/768Kbit. Kilobits? IN MY UPSTREAM?! And to add insult to injury, any customer wishing to join on the ADSL2+ connection must purchase a Netgear DG834GT wireless router, or you don’t get the connection.

Now their reason for forcing a £59.99 router on you is purely because the current state of ADSL2+ modems is a little shoddy. Supposedly, at least; my only back-up story to support this is my colleague’s testimony on Cisco’s ADSL2 WIC, which for some unknown reason only ever synced at 7Mbit/sec, and even now with firmware upgrades maxes out at 14.1Mbit/sec due to a physical limitation. If Cisco can’t get it right, what on Earth is going on?

After weighing it up, I didn’t have much choice. Thankfully UKOnline are currently waiving the £25 connection charge, and were very quick and friendly to help me through my order. I really did grill the poor bastard on the end of the phone, but it’s what he’s paid to put up with at the end of the day. Indeed it was nice of him to go the extra mile and arrange for my router and welcome pack to be sent to work instead of the flat, where I’ll actually be around to collect it.

And after some investigation, the router isn’t meant to be all that bad. Moreover, even Ebuyer aren’t selling it for less than £60. :)

So in about 2 weeks I should have something to say about my new connection.

Don’t panic

I’ve found a solution to my woes. And it’s not a bridge! Well it won’t start life as a bridge, at least.

My plan is to spend less money on a Linksys WRT54GL, and flash it with some nice 3rd-party firmware. I’ve used this device in the past (albeit in its original 54GS v4 incarnation) and I regard it as the best Ethernet router student money can purchase, particularly with the features unlocked in it thanks to the world’s hackers.

By roughly following this guide, I intend to switch the wireless access-point functionality off and instruct the device to act as a client instead. Once this is done, I’ll be able to share my new wireless connection with up to 4 devices via the built-in switch, and Linux need never know I’m using wireless. It also goes without saying that the supplied antennas will be much more powerful than any wireless NIC’s (you can even boost the transmit power to illegal levels, should you feel unnecessarily anarchistic.)

The only issue comes with having two steps of PAT, and thus two separate networks. I don’t envision too many issues with this approach (besides having to forward any outside ports twice) but I’ve got a feeling that it is possible to switch the PAT off and let some true routing go on. I’ll still be behind the gateway router’s PAT, so there’s very little at stake security-wise.

And I’ll still have to route between the two networks, but we’ll see how that goes.

Just a short update

I’ve recently secured a room in a flat, somewhere in the Jewellery Quarter (The Orb), and should be moving in just after my exams are over. This means that hopefully I’ll be starting work a little earlier than expected!

First problem, however: NETWORKING again (as in, I only cabled my house 10 months ago!) Though this time around, I’m concerned about wireless. I don’t think Sarah is going to want wires draping from one side of the flat to the other, but I also don’t think Linux is going to like me if I start using Windows drivers to configure its devices (ndiswrapper or not…)

So what I’d really like to invest in, is a wired-to-wireless bridge. I had already had my heart set on a Linksys WET54G-UK, but judging from the comments left by these disgruntled customers, I don’t think I’ll be having one anytime soon.

I therefore request recommendations for a wired-to-wireless bridge, please. Under £50 (preferably inc. VAT) with WPA2 support, whilst not being unreliable/flaky/generally crap. Go!