Category Archives: Network Engineering

All Technology Stuff

My Blog is IPv6 ready!! IPv6 day is coming!!


My web site http://blog.howardtang.com is now IPv6 ready. You can visit my blog via IPv6 connections. Unfortunately, it is IPv6 over IPv4, so it should be slower than IPv4. I have purchased a new server and will be installing it in a colocation facility that will provide me with a native IPv6 connection. By that time, using IPv6 to access my blog should be a lot faster than using IPv4. (Only 1% of the world is using IPv6 at the moment, so it shouldn’t be congested.)

I hope I will see more people get on IPv6.

Narbik’s CCIE Bootcamp

I attended Narbik’s CCIE bootcamp last week. It was a very good CCIE bootcamp. There were a few topics that I wasn’t familiar with and always thought were very difficult. The good thing about Narbik’s bootcamp is that Narbik has made those topics a lot easier to understand. He introduced a new method to look at those topics.

Narbik has helped me a lot in preparing for the CCIE Lab exam. However, I feel that I still need a lot of extra work before I can pass the CCIE exam.

For anyone who is looking for CCIE training, Narbik’s CCIE bootcamp is what I would recommend.

For more information, you may go to http://www.micronicstraining.com

Is Online Shopping Secure?? shop.waiwai.com.au was hacked!!

I was browsing the leading Chinese web site in Australia the other day and accidentally found that its shopping section got HACKED!! The Wai Wai online web site has been established in Sydney for a long time. It makes me wonder why this would happen on an online shopping web site.

I don’t know when it got hacked, but from the minute I found that their shopping site was hacked until they fixed the site took 2 days. What can a hacker do in 2 days? I personally haven’t purchased anything from their web site. I hope people who did business with them before didn’t lose any personal details, i.e. credit card details, name and address, etc., because all that confidential information can lead to identity theft.

So far after the hacking incident, I haven’t seen any announcement from the Wai Wai web site about this incident. I think their users should be made aware of what has happened on their web site.

I hope the Wai Wai web site users are aware of this incident, change their passwords, and keep an eye on their bank and credit card statements.

It is just like another Sony PlayStation security problem, but this one is much smaller and only affects local Chinese people in Sydney (or other states in Australia), I believe… (as Waiwai.com.au is targeted at Chinese people in Sydney).

IPV6 – Are you ready?

Looking at the statistics, IPv4 will be exhausted this year. I think it is time to get ready for IPv6. Unfortunately, it looks like none of the ISPs in Australia are providing IPv6 addresses to their customers.

At least, as far as I know, TPG, Exetel, Optus, Telstra, etc. are not providing IPv6 as yet. However, Google has already launched their IPv6 web site. Can you try connecting to http://ipv6.google.com ? If you see something, congratulations! Your computer can access IPv6 websites and your ISP has a DNS resolver that can point you to an IPv6 website.

Oh… not sure what I am talking about? Point your web browser to http://www.test-ipv6.com or http://www.ipv6-test.com; both sites will test your IPv6 and IPv4 connectivity. It should give you some idea of what I am talking about.

In order to test out the IPv6 connectivity, I have built an IPv6 tunnel to http://www.he.net . HE has assigned me a /64 and a /48 of public IPv6 addresses. I have that set up on my router, so every computer in my home is now IPv6 ready. There are more than enough IP addresses in a /48, so I routed some of them to my web server in the data center.

Here is the sample configuration.

Configuration on my Cisco router:

[code]
interface Tunnel2
 description IPV6 tunnel to webserver
 no ip address
 ipv6 address 2001:470:ECEE:2::2/64
 tunnel source YY.YY.YY.YY
 tunnel destination XX.XX.XX.XX
 tunnel mode ipv6ip
[/code]

Configuration on my web server (Debian Linux):

[code]
ip tunnel add ipv6tunnel mode sit remote YY.YY.YY.YY
ip link set ipv6tunnel up
ip addr add 2001:470:ECEE:2::1/64 dev ipv6tunnel
ip route add 0::0/0 dev ipv6tunnel
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
[/code]

On my Cisco router, there is another tunnel for me to connect to www.he.net for the IPv6 connectivity.

[code]
interface Tunnel0
 description Hurricane Electric IPv6 Tunnel Broker
 no ip address
 ipv6 address 2001:470:35:4D::2/64
 ipv6 enable
 tunnel source YY.YY.YY.YY
 tunnel destination 216.218.221.42
 tunnel mode ipv6ip
[/code]

A default route for IPv6 needs to be added on the router as well:
[code]
ipv6 route ::/0 Tunnel0
[/code]

After all the settings are in place, it is time to do some tests. First, try
[code]
ping6 ipv6.google.com
[/code]

on the Debian server, where I got a host not found message. It was because I didn’t have IPv6 DNS set up. To get this fixed, I did the following:
[code]
vi /etc/resolv.conf
[/code]

adding the HE.net DNS resolver address:
[code]
nameserver 2001:470:20::2
[/code]

After setting the DNS server, do the ping6 again; it should work now. After setting up IPv6 for the web server, I also wanted all my computers at home to obtain an IPv6 address automatically and also receive the IPv6 DNS server automatically. Here are the CLI commands to configure an IPv6 DHCP pool:
[code]
ipv6 dhcp pool datalan
 address prefix 2001:470:ECEE::/64
 dns-server 2001:470:20::2
[/code]

After rebooting a PC, it automatically received an IPv6 address and was able to pass all the tests on http://www.test-ipv6.com.

My next project will be setting up a PPTP IPv6 VPN, so I can access IPv6 websites while I am on an IPv4 endpoint via the PPTP tunnel. I will post the configuration if I am able to make this work.

Bypassing the firewall at work

I haven’t been able to get back to my home router, my Linux box or my web page control panel ever since I changed my job. Because of the very strict firewall policies, I can only use standard ports, i.e. http port 80, https port 443 and ftp port 21. Other than those 3 open ports, I couldn’t do anything else! I couldn’t telnet to my router (port 23), couldn’t ssh to my Linux box (port 22) and couldn’t get to my web portal (port 8080).
I don’t understand why they block the ssh port. SSH is a secure protocol and I don’t see how it can harm the company’s network. Anyway, I was trying to find a way around this when I am at work, so that at least I can get back to my home CCIE lab for some lab work. Since port 443 is working, what I did was create a port forward on my home router. I forwarded port 443 to port 22 on one of my Linux boxes. Today I got back to the office and immediately started up PuTTY to see if I could ssh to my Linux box via port 443. And yes, it worked! The next thing I tried was to build an SSH tunnel to use with other protocols using PuTTY. Well, it all worked fine, as I expected. And I can do a lot of things now, including using a remote CCIE lab at home!
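
Seen from the network side, SSH forwarded to port 443 is still SSH: the stream opens with an `SSH-` identification string rather than a TLS handshake record, so a port-only firewall rule cannot tell the two apart but payload inspection can. The following is an added example, not part of the original post; the function names and the sample flows are constructed for illustration.

```python
# Added example: classify what is actually speaking on a TCP/443 flow
# from the first bytes of the stream.

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"CONNECT ", b"OPTIONS ")

def classify_first_bytes(payload: bytes) -> str:
    """Return 'ssh', 'tls', 'http' or 'unknown' for the start of a TCP stream."""
    # RFC 4253: both sides open with an identification string "SSH-2.0-..."
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: content type 0x16 (handshake), version 0x03 0x00..0x04
    if (len(payload) >= 3 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[2] <= 0x04):
        return "tls"
    if payload.startswith(HTTP_METHODS):
        return "http"
    return "unknown"

def non_tls_on_443(flows):
    """flows: (src, dst, dst_port, first_payload) tuples.
    Return (src, dst, protocol) for port-443 flows that are not TLS."""
    hits = []
    for src, dst, dport, payload in flows:
        if dport != 443:
            continue
        proto = classify_first_bytes(payload)
        if proto != "tls":
            hits.append((src, dst, proto))
    return hits

# Constructed sample flows (documentation address ranges, not real hosts).
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.20", 443,
     bytes.fromhex("16 03 01 02 00 01 00 01 fc 03 03")),       # TLS ClientHello
    ("192.0.2.11", "203.0.113.5", 443, b"SSH-2.0-PuTTY_Release_0.60\r\n"),
    ("192.0.2.12", "203.0.113.9", 22, b"SSH-2.0-OpenSSH_5.5p1\r\n"),
    ("192.0.2.13", "203.0.113.7", 443, b"\x00\x00\x00\x10\xde\xad"),
]

if __name__ == "__main__":
    for hit in non_tls_on_443(SAMPLE_FLOWS):
        print(hit)
```
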

Cisco EEM script for Email any configuration changed

When I was working at one of the budget ISPs in Australia, the CTO suggested using a mailing list for change control. That is, any change you make to a router needs to be sent in an email to change-control@isp.com.

I was speaking to my friend yesterday. He told me that Cisco has a built-in scripting facility which can send out an email automatically when the configuration is changed. It is more convenient than manually sending an email. And sometimes, some people would try to cover their ass when they got the configuration wrong; they just said – “I have never touched the router configuration”. To eliminate this kind of people telling shXt, Cisco EEM will do a better job in change control, in my opinion.

Using a Cisco EEM script, all changes will be sent out automatically along with who made the changes. Below is the script that I have on my router.


[code]
event manager environment _Email_Server smtp.howardtang.com
event manager environment _Email_To myemail@howardtang.com
event manager environment _Email_From RouterChange@howardtang.com
event manager applet mail_cfg_chg
 event syslog pattern ".*%SYS-5-CONFIG_I.*"
 action 1.0 info type routername
 action 1.1 cli command "enable"
 action 1.2 cli command "show archive log config all"
 action 1.3 mail server "$_Email_Server" to "$_Email_To" from "$_Email_From" subject "Config change on router: $_info_routername" body "$_cli_result"
 action 1.4 cli command "clear archive log config force"
[/code]

Before adding the EEM script, we need to enable logging of configuration changes on the router.

[code]
archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
[/code]

Each configuration change will then be sent to the email address as soon as you exit the enable mode. You may do more research on Google and you will find more useful EEM scripts written by others.
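
On the receiving end, the mail body is the output of `show archive log config all`, which can be parsed to attribute each command to a user and to flag commands that would switch off the change trail itself. The following is an added example, not part of the original post; the column layout (idx, sess, user@line, logged command) is an assumption about that output, and the sample body, user names and function names are constructed.

```python
import re
from collections import defaultdict

# One log row: index, session, user@line, then the logged command.
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)@(\S+)\s+\|?\s*(.+?)\s*$")
# Commands that would disable the archive logging or the mail applet.
TAMPER = re.compile(r"^no (archive|log config|logging enable|notify syslog|"
                    r"event manager applet)\b")

def parse_config_log(body: str):
    """Turn the mailed log text into a list of entry dicts."""
    entries = []
    for line in body.splitlines():
        m = ROW.match(line)
        if m:  # header and blank lines do not match and are skipped
            idx, sess, user, tty, cmd = m.groups()
            entries.append({"idx": int(idx), "session": int(sess),
                            "user": user, "line": tty, "command": cmd})
    return entries

def commands_by_user(entries):
    """Group logged commands by the user who entered them."""
    out = defaultdict(list)
    for e in entries:
        out[e["user"]].append(e["command"])
    return dict(out)

def tamper_attempts(entries):
    """Entries that remove the change-control logging or the applet."""
    return [e for e in entries if TAMPER.match(e["command"])]

# Constructed sample mail body; hidekeys masks the secret as asterisks.
SAMPLE_BODY = """\
 idx   sess           user@line      Logged command
    1     1           alice@vty0     |interface Tunnel2
    2     1           alice@vty0     | tunnel destination 198.51.100.7
    3     2             bob@vty1     |username admin secret *****
    4     2             bob@vty1     |no event manager applet mail_cfg_chg
"""

if __name__ == "__main__":
    log = parse_config_log(SAMPLE_BODY)
    print(commands_by_user(log))
    print(tamper_attempts(log))
```
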