Monday, February 13, 2012

"Mein Führer! I can walk!"

Hey guys, another chill morning after another blizzard and so another post comes :-)
It's been quite cold the last few weeks, some temperature records broken (and I was trying to figure out why a temperature record broken would be a good thing..) and half of the country is in despair.
First things first: in January we went to the RIPE training in Skopje, Macedonia. The weather was in its infancy but was still able to snow so much that you couldn't see where the road ends and the field begins. The snow plows had not been released to clean yet, so on one sharp turn we couldn't make it and went into the snow on the side of the road. It wasn't very bad, all of us were fine and the car seemed OK; the only problem was that it was floating freely as the tires didn't touch the ground :-) After waiting for an hour and a half, some man with a truck pulled us out and we continued to Skopje. I have to say this was on the Bulgarian side of the road; on the Macedonian side the snow was cleaned very well and the roads were fine.
Then we got to the hotel, which was supposed to be 4-star (I would give it at most 2 stars); it was like something pulled from the 60s, and not in a good way. The rooms were cold and there was a very loud wind. Anyway, the next day we started the training session at 9 am. The session itself was divided into various topics: there was information about PI space, IPv4 exhaustion, the end game (after there are no IPv4 networks), IPv6 deployment technologies, LIRs' involvement in RIPE NCC rules and discussion about some RIPE NCC rules, various interesting projects at RIPE NCC like (I'll discuss this one later), and much more.
The session continued from 9 am to 5 pm with a small lunch break. The next day was all about IPv6 :-)
Afterwards we were on our way back to Sofia. On the next day of work I decided to ask for an IPv6 allocation from RIPE NCC and we got our 2a00:87c0::/32 network. And all hell broke loose!
I wanted to start using it right away, so I called one of our international providers and arranged for another BGP session just for IPv6. So far so good, then I decided to route it with OpenBSD since we no longer have any OpenBSDs at the datacenter (after Igor many machines were taken out). Of course it had to be more interesting than that - I wanted to run the OpenBSD on a diskless machine. I have to be honest - on the Internet there are manuals and tutorials to run OpenBSD diskless either 1. from another OpenBSD or 2. to install OpenBSD diskless (which proved to be very easy).
But I had to run OpenBSD diskless from FreeBSD. The process is basically the same as running it from another OpenBSD; only the details of the implementation differ. I'll try to give a very brief overview of what has to be done in order for OpenBSD to run diskless:
1. Get the OpenBSD sources and recompile the kernel with:
"config        bsd root on nfs swap on nfs"
2. You must have a configured RARP daemon, because that's how the client gets an IP address at boot.
3. You must have a DHCP daemon, mainly for the pxeboot process.
4. You must have a BOOTPARAM daemon, because the client gets its NFS parameters through it.
5. As 4 suggests, you need NFS exports :-)
6. You MUST populate OpenBSD's /dev in the right way!
(This one could really make you sweat if you're not doing it from OpenBSD!)
Easiest way: install ksh and execute the MAKEDEV script (with small rearrangements of some command arguments) and you'll be OK.
Also, a way to generate a password for OpenBSD from bsd.rd (the ramdisk install): run httpd on the DHCP server, put mount_nfs there, then use OpenBSD's "ftp" to download it, mount the NFS export, chroot into it, and then use "encrypt -b 6 <password>" and useradd's -p argument to supply the encrypted password on the command line. You can boot bsd.rd directly (with just DHCP running for the pxeboot).
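Steps 2 to 5 on the FreeBSD side, as an added example that is not taken from the original setup. Assumptions: the host names, MAC and IP addresses and the /export/obsd6 path are constructed, dhcpd is ISC dhcpd from ports, and pxeboot and bsd are served by the base tftpd from inetd (TFTP is not mentioned above but the PXE stage needs it).

```conf
# Added example: FreeBSD-side files for one diskless OpenBSD client.
# Constructed values: client "obsd6", MAC 00:00:5e:00:53:10, IP 192.0.2.10,
# FreeBSD server "nfsd1" at 192.0.2.1, client tree under /export/obsd6.

# --- /etc/hosts (rarpd and bootparamd resolve the client name here)
192.0.2.1    nfsd1
192.0.2.10   obsd6

# --- /etc/ethers (step 2: RARP maps the MAC to the name above)
00:00:5e:00:53:10  obsd6

# --- /usr/local/etc/dhcpd.conf (step 3: used only for the PXE stage)
subnet 192.0.2.0 netmask 255.255.255.0 { }
host obsd6 {
    hardware ethernet 00:00:5e:00:53:10;
    fixed-address 192.0.2.10;
    next-server 192.0.2.1;      # TFTP server holding pxeboot and bsd
    filename "pxeboot";
}

# --- /etc/bootparams (step 4: where the kernel finds root and swap)
obsd6  root=nfsd1:/export/obsd6/root  swap=nfsd1:/export/obsd6/swap

# --- /etc/exports (step 5). /export/obsd6 is its own filesystem, so -alldirs
#     exposes only this client's tree, and only to the one client address.
#     -maproot=root is needed because the client's root owns its own files.
/export/obsd6 -alldirs -maproot=root 192.0.2.10

# --- /etc/rc.conf
rpcbind_enable="YES"
nfs_server_enable="YES"
mountd_enable="YES"
mountd_flags="-r"               # allow mounting the swap, which is a regular file
rarpd_enable="YES"
rarpd_flags="-a -s"             # -s: answer without a /tftpboot/<hex-ip> file
bootparamd_enable="YES"
dhcpd_enable="YES"              # rc knob installed by the isc-dhcp server port
inetd_enable="YES"              # tftpd is started from inetd

# --- /etc/inetd.conf
tftp dgram udp wait root /usr/libexec/tftpd tftpd -l -s /tftpboot
```

RARP, bootparams and NFS carry no authentication, so the per-client export and a boot segment that only the server and the diskless machine share are what keep another host from mounting the root tree.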
And after all this we have a dedicated IPv6 server, and the BGP session has been running ever since. There are about 8000 routes right now :-) I also ran a DNS64 implementation just for testing purposes. There are already some clients on IPv6 and we are routing it amongst client VLANs. It's a fresh look at the world, I have to say: you read all about the protocols beforehand, but the actual implementation and practical running still feels new and very different. I love having such a huge address space; I could do any addressing scheme for the clients, with VLANs/MAC addresses integrated in the IPv6 address or any combination of those. Oh, and we have an IPv6-only DNS server running as well.
A little sidenote: we also volunteered for RIPE NCC's Atlas probe and they approved us. We are waiting for the probe to arrive and we'll be able to assign it IPv4 and IPv6 addresses. I'm thinking of making it a public one.
I also ordered an Arduino Uno Rev.3 board with some sensors, resistors and a breadboard. I've been looking at various MCUs all weekend and wondered if I could make my own board with Atmel's Xmega MCU (it has AES/DES support), although I found a software AES implementation for the ATmega328. I also got permission to implement a project about RFID for our data center. I've ordered an RFID reader and a couple of RFID tags which will be assigned to the people who have access. I'll connect it to an Arduino board with an ethernet shield and will make a check-in system. I also decided to add a few sensors for the data center (movement, temp. and humidity). I was thinking that if we were to put more RFID devices at various points in the data center we could do triangulation as well, but I guess the same effect can be obtained by using appropriate sensors with a single Arduino board. By the way, I'm thinking of trying to implement IPv6 on the ATmega328 and use it over the ethernet shield (although it's quite limited).
Looks like this is it for now! On the mathematics front I have some news but I'll wait some more before sharing :-)

P.S. For your sake don't be wondering where the title is from and go watch the movie straight away!