Quidway S6700 Series Ethernet Switches
V100R006C00
Configuration Guide - Device Management
http://enterprise.huawei.com/ilink/enenterprise/download/HW_116588
<huawei>display port-mirroring
Port-mirror:
----------------------------------------------------------------------
Mirror-port Direction Observe-port
----------------------------------------------------------------------
XGigabitEthernet0/0/2 Both XGigabitEthernet0/0/1
XGigabitEthernet0/0/3 Both XGigabitEthernet0/0/1
XGigabitEthernet0/0/23 Both XGigabitEthernet0/0/1
----------------------------------------------------------------------
<huawei>system-view
Enter system view, return user view with Ctrl+Z
[huawei]interface XGigabitEthernet 0/0/2
[huawei-XGigabitEthernet0/0/2]undo port-mirroring both
Wednesday, January 27, 2016
Understanding DevOps
Understanding DevOps – Part 6: Continuous Deployment vs Continuous Delivery
What is Continuous Deployment?
Companies like flickr have in the past posted on their blog how many ‘deploys’ they had so far that day/week. Looking at an organization that deploys to production 89 times in a week can be very intimidating. More importantly, it begs to ask – what do you deploy to production 89 times in a week? This is a scenario that may actually keep some people away from adopting DevOps practices as they believe that they have to deploy every change to production. That is certainly not the case. First, you need to understand what is being deployed here and second, more importantly need to understand that this is not applicable, necessary or in some cases even feasible, for every organization.
Read more:
https://sdarchitect.wordpress.com/2013/10/16/understanding-devops-part-6-continuous-deployment/
Monday, January 25, 2016
nagios nsca: daemon was not compiled with mcrypt library, so decryption is unavailable.
Platform:
Oracle Linux Server release 6.7
/usr/local/nagios/etc/nsca.cfg:
decryption_method=2
command:
/usr/local/nagios/bin/nsca -c /usr/local/nagios/etc/nsca.cfg
/var/log/messages error:
Jan 25 16:15:34 monitoring nsca[12487]: Invalid decryption method (2) in config file '/usr/local/nagios/etc/nsca.cfg' - Line 203
Jan 25 16:15:34 monitoring nsca[12487]: Daemon was not compiled with mcrypt library, so decryption is unavailable.
Solution:
yum install -y libmcrypt-devel libmcrypt
./configure --with-nsca-user=nagios --with-nsca-grp=nagios --with-mcrypt-lib=/usr/lib64/ --with-mcrypt-inc=/usr/include
make clean
make all
cp src/nsca /usr/local/nagios/bin/nsca
HTTPS Bicycle Attack - Obtaining Passwords From TLS Encrypted Browser Requests
A paper detailing a new attack vector on TLS was released on December 30. The attack, known as the HTTPS Bicycle Attack, is able to determine the length of specific parts of the plain-text data underneath captured TLS packets using a side-channel attack with already known information. The attack has a few prerequisites but could be applied in a real world scenario, and is completely undetectable due to its passive nature.
Executive Summary
The HTTPS Bicycle attack can result in the length of personal and secret data being exposed from a packet capture of a user's HTTPS traffic. For example, the length of passwords and other data (such as GPS co-ordinates) can be determined simply by analysing the lengths of the encrypted traffic. Some of the key observations of this attack are as below:
- Requires a packet capture containing HTTPS (TLS) traffic from a browser to a website
- The TLS traffic must use a stream-based cipher
- Can reveal the lengths of unknown data as long as the length of the rest of the data is known - this includes passwords, GPS data and IP addresses
- Packet captures from several years ago could be vulnerable to this attack, with no mitigation possible
- The real world impact is unknown, as there are several prerequisites that may be hard to fulfill.
http://blogs.forcepoint.com/security-labs/https-bicycle-attack-obtaining-passwords-tls-encrypted-browser-requests
https://guidovranken.files.wordpress.com/2015/12/https-bicycle-attack.pdf
You can keep up to date with the discussion of HTTPS Bicycle on Reddit at https://www.reddit.com/r/netsec/comments/3zc5qu/https_bicycle_attack/
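The length relationship behind the observations above, together with a padding countermeasure, as an added example that is not taken from the post or the paper. Assumptions: a toy length-preserving stream cipher with a constructed 16-byte per-record overhead stands in for a TLS stream cipher suite, the host `shop.example` and the request layout are constructed, and the `pad` form field is a hypothetical filler that the server would ignore.

```python
import hashlib

TAG_LEN = 16  # constructed: fixed per-record overhead (MAC/tag)


def toy_stream_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Toy length-preserving stream cipher (SHA-256 counter keystream) plus a
    fixed-size tag. It stands in for a TLS stream cipher suite; it is not TLS."""
    stream = b""
    counter = 0
    while len(stream) < len(plaintext):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    return body + hashlib.sha256(key + body).digest()[:TAG_LEN]


def login_request(user: str, password: str, pad_to: int = 0) -> bytes:
    """Constructed login POST. With pad_to > 0, a filler field rounds
    len(password) + len(filler) up to a multiple of pad_to."""
    form = f"user={user}&password={password}"
    if pad_to:
        target = max(1, -(-len(password) // pad_to)) * pad_to
        form += "&pad=" + "0" * (target - len(password))
    head = (
        "POST /login HTTP/1.1\r\n"
        "Host: shop.example\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(form)}\r\n\r\n"
    )
    return (head + form).encode()


def record_len(key: bytes, user: str, password: str, pad_to: int = 0) -> int:
    """Size on the wire of the encrypted request."""
    return len(toy_stream_encrypt(key, login_request(user, password, pad_to)))


def length_revealed(observed: int, user: str, max_len: int = 64):
    """Password length implied by an observed record size when every other
    byte of the request is known; None if no length fits."""
    for n in range(max_len + 1):
        if len(login_request(user, "x" * n)) + TAG_LEN == observed:
            return n
    return None


def sizes(key: bytes, user: str, passwords, pad_to: int = 0) -> set:
    """Distinct record sizes produced by a set of passwords."""
    return {record_len(key, user, p, pad_to) for p in passwords}
```

A login form whose `sizes()` set has more than one element leaks the secret's length to a passive observer; with the filler field, every password up to the bucket size yields the same record size.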
Friday, January 22, 2016
cloudera vm: A Single-Node Hadoop Cluster and Examples for Easy Learning!
Cloudera Enterprise: The world's most popular Apache Hadoop solution
Cloudera offers the highest performance and lowest cost platform for using data to drive better business outcomes. Cloudera Enterprise makes Hadoop fast, easy, and secure, so you can focus on results.
Cloudera QuickStart VMs are for demo purposes only and are not to be used as a starting point for clusters.
- The VMs run CentOS 6.4 and are available for VMware, VirtualBox, and KVM.
- All require a 64-bit host OS.
The VM uses a package-based install. This allows you to work with or without Cloudera Manager. Parcels do not work with the VM unless you first migrate your CDH installation to use parcels. On your production systems, Cloudera recommends that you use parcels.
http://www.cloudera.com/downloads/quickstart_vms/5-5.html
Tuesday, January 19, 2016
linux: how to activate and test kernel coredump property
[root@istanbul tmp]# sysctl -a | grep pattern
kernel.core_pattern = /tmp/core-%e-%s-%u-%g-%p-%t
test.c code:
#include <stdlib.h>
#include <time.h>
#include <stdio.h>

int main(int argc, char **argv)
{
    srand(time(NULL));
    /* Deliberate NULL dereference: raises SIGSEGV so the kernel writes a core file. */
    int *nullpointer = NULL;
    printf("%d\n", *nullpointer);
    return 0;
}
# gcc -o testapp test.c
[root@istanbul tmp]# ./testapp
Segmentation fault
[root@istanbul tmp]# ls
no core file found.
[root@istanbul tmp]# ulimit -c
99999999
[root@istanbul tmp]# ls -alt /tmp/core-* | head -1
-rw------- 1 root root 241664 Jan 19 11:31 /tmp/core-testapp-11-0-0-2127-1453195860
If you don't want to use testapp, you can trigger a core dump just as easily with the sleep command.
sleep 10 &
killall -SIGSEGV sleep
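Decoding the core file name produced by the kernel.core_pattern shown above, as an added example that is not part of the original post. The specifier meanings follow core(5); the function names are hypothetical, and only the six specifiers used on this page are handled.

```python
import re
import signal
from datetime import datetime, timezone

PATTERN = "/tmp/core-%e-%s-%u-%g-%p-%t"  # kernel.core_pattern from the post

# core(5) specifiers used by that pattern: name and the regex for its value
SPEC = {
    "e": ("exe", r".+"),      # executable name (may itself contain '-')
    "s": ("signal", r"\d+"),  # number of the signal that caused the dump
    "u": ("uid", r"\d+"),     # real UID of the dumped process
    "g": ("gid", r"\d+"),     # real GID of the dumped process
    "p": ("pid", r"\d+"),     # PID of the dumped process
    "t": ("time", r"\d+"),    # time of dump, seconds since the epoch
}


def pattern_to_regex(core_pattern: str) -> "re.Pattern":
    """Translate a core_pattern into a regex with one named group per specifier."""
    out, i = [], 0
    while i < len(core_pattern):
        ch = core_pattern[i]
        if ch == "%" and i + 1 < len(core_pattern):
            nxt = core_pattern[i + 1]
            if nxt == "%":
                out.append("%")
            elif nxt in SPEC:
                name, rx = SPEC[nxt]
                out.append(f"(?P<{name}>{rx})")
            else:
                raise ValueError(f"specifier %{nxt} not handled in this example")
            i += 2
        else:
            out.append(re.escape(ch))
            i += 1
    return re.compile("".join(out))


def parse_core_name(core_pattern: str, path: str):
    """Return the fields encoded in a core file name, or None if it does not match."""
    m = pattern_to_regex(core_pattern).fullmatch(path)
    if m is None:
        return None
    info = {k: (v if k == "exe" else int(v)) for k, v in m.groupdict().items()}
    try:
        info["signal_name"] = signal.Signals(info["signal"]).name
    except ValueError:
        info["signal_name"] = "unknown"
    info["utc"] = datetime.fromtimestamp(info["time"], timezone.utc).isoformat()
    return info
```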
Friday, January 15, 2016
linux: gettimeofday - VDSO Virtual Dynamic Shared Object
strace -c date
Examining the output of this command, I observed that the gettimeofday syscall is never called; on further research I found that this is handled by the VDSO architecture.
Details:
Many application workloads (especially databases and financial service applications) perform extremely frequent gettimeofday or similar time function calls. Optimizing the efficiency of these calls can provide major benefits.
A Virtual Dynamic Shared Object (VDSO) is a shared library that allows applications in user space to perform some kernel actions without as much overhead as a system call. The VDSO is often used to provide fast access to the gettimeofday system call data.
Enabling the VDSO instructs the kernel to use its definition of the symbols in the VDSO, rather than the ones found in any user-space shared libraries, particularly the glibc. The effects of enabling the VDSO are system-wide - either all processes use it or none do.
When enabled, the VDSO overrides the glibc definition of gettimeofday with its own. This removes the overhead of a system call, as the call is made direct to the kernel memory, rather than going through the glibc.
Thursday, January 14, 2016
telecom: what is NEBS
NEBS (Network Equipment - Building System) is the most common set of safety, spatial and environmental design guidelines applied to telecommunications equipment in the United States. NEBS is why telephones work after an earthquake or thunderstorm! NEBS requirements are utilized all over the world for a host of commercial, utility and defense applications. Still, the most frequent application of NEBS is to design and test equipment intended for use in Central Offices.
http://telecom-info.telcordia.com/site-cgi/ido/docs2.pl?ID=095698532&page=nebs
Equipment deployed in the network needs to be safe, reliable, and easy to deploy. The NEBS standards in GR-63 and GR-1089 provide uniform criteria for equipment design intended to reduce the cost of deployment and maintain reliability of the network.
SR-3580 groups the NEBS criteria into three functional levels (I, II, or III). Grouping the criteria into levels helps clarify the impact of non-conformance and allows the broad range of NEBS requirements to be judiciously applied to equipment, based on the equipment's application and impact on the operation of the network.
http://telecom-info.telcordia.com/site-cgi/ido/docs.cgi?ID=196992314SEARCH&KEYWORDS=&TITLE%20=&DOCUMENT=SR-3580&DATE=&CLASS=&COUNT=1000
What is "NEBS Level 3"?
"NEBS Level 3" is a term from Bellcore special report, SR-3580. This report details 3 distinct functional levels of NEBS compliance based on GR-63-CORE and GR-1089-CORE. The levels allow a wide range of NEBS requirements to be applied to equipment based on application and network impact.
"NEBS Level 1" means that people and equipment hazards and network degradation are minimized. NEBS Level 1 addresses the personnel and equipment safety requirements of GR-63-CORE and GR-1089-CORE. This is useful for getting prototypes into a lab trial. It's also a requirement that is imposed on Competitive Local Exchange Carriers (CLECs) in order for them to deploy equipment into an RBOC's network. This level doesn't address operability, this is addressed in Levels 2 and 3.
"NEBS Level 2" addresses equipment operability, but in a controlled environment. For example, equipment could be used in a data center, however, if the equipment performs non-critical operations it could be used under environmental extremes. Note that this level is very rarely used because it is ambiguous.
"NEBS Level 3" means the equipment is in the network for the long haul. We're talking about Carrier Class with this stringent level. The equipment will operate under the environmental extremes found in a central office. In a nutshell, the equipment meets all of the requirements of GR-63-CORE and GR-1089-CORE.
Telcordia has created a special NEBS page to their SuperStore providing customers with more info on the NEBS documents. Check out Telcordia NEBS Page
NOTES:
- Verizon does not follow SR-3580. They use their own NEBS checklist, NEBS Compliance Clarification Document, that details what they believe are important to their network's integrity.
- SBC uses 2 levels as detailed in their NEBS checklist TP76200MP.
- A combined Telecommunications Carrier Group Checklist can be found here TCG Checklist.
Wednesday, January 13, 2016
linux: Inter-Process Communication
- Signals - Sent by other processes or the kernel to a specific process to indicate various conditions.
- Pipes - Unnamed pipes set up by the shell normally with the "|" character to route output from one program to the input of another.
- FIFOs - Named pipes operating on the basis of first data in, first data out.
- Message queues - Message queues are a mechanism set up to allow one or more processes to write messages that can be read by one or more other processes.
- Semaphores - Counters that are used to control access to shared resources. These counters are used as a locking mechanism to prevent more than one process from using the resource at a time.
- Shared memory - The mapping of a memory area to be shared by multiple processes.
Linux Signals
Linux Signals are:
linux: process state codes
The codes used are:
Code | Meaning |
---|---|
D | Uninterruptible sleep (usually IO) |
R | Running or runnable (on run queue) |
S | Interruptible sleep (waiting for an event to complete) |
T | Stopped, either by a job control signal or because it is being traced. |
W | paging (not valid since the 2.6.xx kernel) |
X | dead (should never be seen) |
Z | Defunct (“zombie”) process, terminated but not reaped by its parent. |
For BSD formats and when the stat keyword is used, additional characters may be displayed:
Code | Meaning |
---|---|
< | high-priority (not nice to other users) |
N | low-priority (nice to other users) |
L | has pages locked into memory (for real-time and custom IO) |
s | is a session leader |
l | is multi-threaded (using CLONE_THREAD, like NPTL pthreads do) |
+ | is in the foreground process group |
The D state occurs when the process is in uninterruptible sleep. This state is bad, because you can't do anything with a process in D state.
Monday, January 11, 2016
linux: stress testing for specific cpu cores
Starting the test:
# taskset -c 87-95 bash -c 'while true; do echo selam >/dev/null; done' &
Observing the CPU states:
mpstat -P ALL
Stopping the test:
kill -9 %1
(to stop job number 1)
Friday, January 8, 2016
linux: IRQBALANCE
In a computer, an interrupt request (or IRQ) is a hardware signal sent to the processor that temporarily stops a running program and allows a special program, an interrupt handler, to run instead. Hardware interrupts are used to handle events such as receiving data from a modem or network card, key presses, or mouse movements.
IRQBALANCE
irqbalance is a command line tool that distributes hardware interrupts across processors to improve system performance. It runs as a daemon by default, but can be run once only with the --oneshot option.
http://www.thegeekstuff.com/2014/01/linux-interrupts/
Scaling in the Linux Networking Stack
- RSS: Receive Side Scaling
- RPS: Receive Packet Steering
- RFS: Receive Flow Steering
- Accelerated Receive Flow Steering
- XPS: Transmit Packet Steering
Tuesday, January 5, 2016
how to send curl http request to ipv6 ip address
curl -v -g "http://[1a04:a0:2002:4201::50]"
* About to connect() to 1a04:a0:2002:4201::50 port 80 (#0)
* Trying 1a04:a0:2002:4201::50... Connection timed out
* couldn't connect to host
* Closing connection #0
curl: (7) couldn't connect to host