Thursday, February 28, 2008

[FreeBSD] FreeBSD 7.0 has been released

Today I went to look at freebsd and found that freebsd 7.0 has been released. Judging from the release announcement, it looks very good for multiprocessing use.

Dramatic improvements in performance and SMP scalability shown by various database and other benchmarks, in some cases showing peak performance improvements as high as 350% over FreeBSD 6.X under normal loads and 1500% at high loads. When compared with the best performing Linux kernel (2.6.22 or 2.6.24) performance is 15% better. Results are from benchmarks used to analyze and improve system performance, results with your specific work load may vary. Some of the changes that contribute to this improvement are:

  • The 1:1 libthr threading model is now the default.

  • Finer-grained IPC, networking, and scheduler locking.

  • A major focus on optimizing the SMP architecture that was put in place during the 5.x and 6.x branches.

h**p://www.freebsd.org/releases/7.0R/announce.html

Wednesday, February 27, 2008

[Cisco] Pinging yourself after enabling control plane policing

[R1] f0/0 ------------------------------ f1/1 [R2]

[R1]
int f0/0
ip add 150.1.1.1 255.255.255.0

ip access-list extended ICMP
permit icmp any any

class-map ICMP
match access-group name ICMP
policy-map ICMP
class ICMP

control-plane
service-policy input ICMP

#deb ip packet detail
#sh policy-map control-plane
Control Plane

Service-policy input: ICMP

Class-map: ICMP (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps
Match: access-group name ICMP

Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any

R1#ping 150.1.1.1 re 1 <----- ping count 1

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 150.1.1.1, timeout is 2 seconds:
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 1/1/1 ms
R1#
00:12:24: IP: s=150.1.1.1 (local), d=150.1.1.1 (FastEthernet0/0), len
100, sending
00:12:24: ICMP type=8, code=0
00:12:24: IP: s=150.1.1.1 (FastEthernet0/0), d=150.1.1.1, len 100, rcvd 2
00:12:24: ICMP type=8, code=0
00:12:24: IP: s=150.1.1.1 (FastEthernet0/0), d=150.1.1.1, len 100, stop
process pak for forus packet
00:12:24: ICMP type=8, code=0
00:12:24: IP: s=150.1.1.1 (local), d=150.1.1.1 (FastEthernet0/0), len
100, sending
00:12:24: ICMP type=0, code=0
00:12:24: IP: s=150.1.1.1 (FastEthernet0/0), d=150.1.1.1, len 100, rcvd 2
00:12:24: ICMP type=0, code=0
00:12:24: IP: s=150.1.1.1 (FastEthernet0/0), d=150.1.1.1
R1#, len 100, stop process pak for forus packet
00:12:24: ICMP type=0, code=0

R1#sh policy-map control-plane

Control Plane

Service-policy input: ICMP

Class-map: ICMP (match-all)
2 packets, 228 bytes <---- note that the counters show 2 ICMP packets matched, even though we pinged with count = 1
5 minute offered rate 0 bps
Match: access-group name ICMP

Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
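
An added example, not part of the original post: it parses the debug lines above and counts the ICMP packets the router logged as "rcvd". Assumptions: each "rcvd" packet is one that the input service-policy counts, and the byte counter includes a 14-byte Ethernet header; under them the result matches the "2 packets, 228 bytes" shown.

```python
import re
from collections import Counter

# "debug ip packet detail" lines from the post above; wrapped lines are
# re-joined and the stray "R1#" prompt is dropped.
DEBUG = """\
00:12:24: IP: s=150.1.1.1 (local), d=150.1.1.1 (FastEthernet0/0), len 100, sending
00:12:24: ICMP type=8, code=0
00:12:24: IP: s=150.1.1.1 (FastEthernet0/0), d=150.1.1.1, len 100, rcvd 2
00:12:24: ICMP type=8, code=0
00:12:24: IP: s=150.1.1.1 (FastEthernet0/0), d=150.1.1.1, len 100, stop process pak for forus packet
00:12:24: ICMP type=8, code=0
00:12:24: IP: s=150.1.1.1 (local), d=150.1.1.1 (FastEthernet0/0), len 100, sending
00:12:24: ICMP type=0, code=0
00:12:24: IP: s=150.1.1.1 (FastEthernet0/0), d=150.1.1.1, len 100, rcvd 2
00:12:24: ICMP type=0, code=0
00:12:24: IP: s=150.1.1.1 (FastEthernet0/0), d=150.1.1.1, len 100, stop process pak for forus packet
00:12:24: ICMP type=0, code=0
"""

IP_RE = re.compile(r"IP: s=\S+ \(.+?\), d=\S+?(?: \(.+?\))?, len (\d+), (.+)$")
ICMP_RE = re.compile(r"ICMP type=(\d+), code=(\d+)")
ICMP_NAMES = {0: "echo-reply", 8: "echo-request"}
ETH_HEADER = 14  # assumption: the policy counter includes the Ethernet header


def received_icmp(text):
    """Return (icmp_type, ip_len) for each packet logged as 'rcvd'."""
    packets, pending_len = [], None
    for line in text.splitlines():
        ip = IP_RE.search(line)
        if ip:
            # Remember the length only for "rcvd" events (input direction).
            pending_len = int(ip.group(1)) if ip.group(2).startswith("rcvd") else None
            continue
        icmp = ICMP_RE.search(line)
        if icmp and pending_len is not None:
            packets.append((int(icmp.group(1)), pending_len))
            pending_len = None
    return packets


def summarize(text):
    """Packet count, byte count and per-type breakdown of received ICMP."""
    pkts = received_icmp(text)
    types = Counter(ICMP_NAMES.get(t, f"type-{t}") for t, _ in pkts)
    return len(pkts), sum(n + ETH_HEADER for _, n in pkts), dict(types)
```

Calling summarize(DEBUG) shows that a single self-ping produces two received packets: the echo request and the echo reply both arrive at the router.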


When we capture the packets with ethereal:
No. Time Source Destination Protocol
Info
1 0.000000 ca:00:1c:34:00:00 ca:00:1c:34:00:00 LOOP
Reply

Frame 1 (60 bytes on wire, 60 bytes captured)
Arrival Time: Feb 27, 2008 10:26:20.228782000
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 60 bytes
Capture Length: 60 bytes
[Frame is marked: False]
[Protocols in frame: eth:loop:data]
Ethernet II, Src: ca:00:1c:34:00:00 (ca:00:1c:34:00:00), Dst:
ca:00:1c:34:00:00 (ca:00:1c:34:00:00)
Destination: ca:00:1c:34:00:00 (ca:00:1c:34:00:00)
Address: ca:00:1c:34:00:00 (ca:00:1c:34:00:00)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..1. .... .... .... .... = LG bit: Locally administered
address (this is NOT the factory default)
Source: ca:00:1c:34:00:00 (ca:00:1c:34:00:00)
Address: ca:00:1c:34:00:00 (ca:00:1c:34:00:00)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..1. .... .... .... .... = LG bit: Locally administered
address (this is NOT the factory default)
Type: Loopback (0x9000)
Configuration Test Protocol (loopback)
skipCount: 0
Relevant function:
Function: Reply (1)
Receipt number: 0
Data (40 bytes)

0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0020 00 00 00 00 00 00 00 00 ........


No. Time Source Destination Protocol
Info
3 9.987619 ca:00:1c:34:00:00 ca:00:1c:34:00:00 LOOP
Reply

Frame 3 (60 bytes on wire, 60 bytes captured)
Arrival Time: Feb 27, 2008 10:26:30.216401000
[Time delta from previous captured frame: 2.968997000 seconds]
[Time delta from previous displayed frame: 2.968997000 seconds]
[Time since reference or first frame: 9.987619000 seconds]
Frame Number: 3
Frame Length: 60 bytes
Capture Length: 60 bytes
[Frame is marked: False]
[Protocols in frame: eth:loop:data]
Ethernet II, Src: ca:00:1c:34:00:00 (ca:00:1c:34:00:00), Dst:
ca:00:1c:34:00:00 (ca:00:1c:34:00:00)
Destination: ca:00:1c:34:00:00 (ca:00:1c:34:00:00)
Address: ca:00:1c:34:00:00 (ca:00:1c:34:00:00)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..1. .... .... .... .... = LG bit: Locally administered
address (this is NOT the factory default)
Source: ca:00:1c:34:00:00 (ca:00:1c:34:00:00)
Address: ca:00:1c:34:00:00 (ca:00:1c:34:00:00)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..1. .... .... .... .... = LG bit: Locally administered
address (this is NOT the factory default)
Type: Loopback (0x9000)
Configuration Test Protocol (loopback)
skipCount: 0
Relevant function:
Function: Reply (1)
Receipt number: 0
Data (40 bytes)

0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0020 00 00 00 00 00 00 00 00 ........


It turned out to be the LOOP protocol, so I looked it up on wiki.wireshark.org
h**p://wiki.wireshark.org/Loop?action=show&redirect=Protocols%2Floop

Tuesday, February 26, 2008

Testing sending mail to blogspot

Testing sending an e-mail to blogger and having it show up on blogspot, using the Mail-To-Blogger feature

Sunday, February 24, 2008

[Juniper] Taking the Juniper certification exam

On Saturday I took the JNCIA-ER exam, which I got to take for free through Juniper's fasttrack program, and I passed. I can tell you that what I memorized for the exam matched exactly, 100% :-P
And on March 1 I will take another one, JNCIS-ER, which will probably go the same way: memorize and take the exam.

Friday, February 8, 2008

[Linux] Console problem when using vmware to emulate Olive

When we use vmware to emulate Olive, Olive by default does its input/output on the console, so we cannot get a console to it through vmware.
1. In vmware, add a serial port as a named pipe
path= /tmp/com1
This end is the server
The other end is an application
2. Install the software named socat
sudo apt-get install socat
3. Run socat
socat -d -d /tmp/com1 pty <-- socat emulates a /dev/pts/? device; we then use minicom with port /dev/pts/?
4. minicom -s

Tuesday, February 5, 2008

[Cisco] Configuring a router to accept L2TP over IPSec from a Windows client

aaa new-model
aaa authentication ppp L2TP local
!
username cisco password cisco
!
vpdn enable
!
vpdn-group PPPTP
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 10
no l2tp tunnel authentication
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key PRESHARED address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set VPN-CLIENT esp-3des esp-sha-hmac
mode transport
crypto ipsec df-bit clear
!
crypto dynamic-map VPN-DYNAMIC-MAP 10
description ## dyanmic crypto map for VPN Users ##
set nat demux
set transform-set VPN-CLIENT
!
!
crypto map VPN-DYNAMIC-CLIENT 10 ipsec-isakmp dynamic VPN-DYNAMIC-MAP
!
interface G0/1
des ### Internet ###
crypto map VPN-DYNAMIC-CLIENT
!
!
interface Virtual-Template10
ip unnumbered Loopback0
peer default ip address pool L2TP_POOL
ppp encrypt mppe 128 required
ppp authentication ms-chap-v2 L2TP
!
ip local pool L2TP_POOL 192.168.1.1 192.168.1.10

#######
Windows XP Setup
1. Start -> Control Panel -> Network Connections
2. Menu File --> New Connection
3. Next --> Select: Connect to the network at my workplace --> Next
4. Select: Virtual Private Network Connection --> Next
5. Enter connection name
6. Select: Do not dial the initial connection --> Next
7. Enter IP Address of VPN Server --> Next --> Finish
8. Show dialog --> Properties --> Security Tab
9. Select: Advanced (custom settings)
10. IPSec Settings --> Use pre-shared key for authentication --> Enter pre-shared key --> OK (ex. PRESHARED)
11. Enter username,password then Connect (ex. username cisco, password cisco)
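
An added example, not part of the original post: a Python check that flags the settings in the router configuration above that a reviewer would question before using it outside a lab. The rule set (3DES, DH groups 1, 2 and 5, a wildcard pre-shared key, "password" instead of "secret") and the function names are choices made for this example.

```python
import re

# Constructed excerpt: the authentication and crypto lines of the config above.
CONFIG = """\
username cisco password cisco
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key PRESHARED address 0.0.0.0 0.0.0.0
crypto ipsec transform-set VPN-CLIENT esp-3des esp-sha-hmac
mode transport
"""

def isakmp_policies(lines):
    """Collect the sub-commands of each 'crypto isakmp policy N' stanza."""
    policies, current = {}, None
    for line in lines:
        m = re.match(r"crypto isakmp policy (\d+)$", line)
        if m:
            current = policies.setdefault(int(m.group(1)), [])
        elif line == "!" or line.startswith(("crypto ", "interface ")):
            current = None  # "!" or the next crypto/interface command ends it
        elif current is not None:
            current.append(line)
    return policies

def audit(config):
    """Return review findings for weak IKE/IPsec and credential settings."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    for num, body in isakmp_policies(lines).items():
        for l in body:
            if re.match(r"encr(yption)? 3?des$", l):
                findings.append(f"isakmp policy {num}: DES/3DES encryption")
            m = re.match(r"group (\d+)$", l)
            if m and m.group(1) in ("1", "2", "5"):  # MODP groups below 2048 bits
                findings.append(f"isakmp policy {num}: DH group {m.group(1)}")
    for l in lines:
        if re.match(r"crypto isakmp key \S+ address 0\.0\.0\.0( 0\.0\.0\.0)?$", l):
            findings.append("isakmp key: wildcard peer, one key for every client")
        m = re.match(r"username (\S+) password (?:\d )?(\S+)$", l)
        if m:
            same = " (same as the username)" if m.group(1) == m.group(2) else ""
            findings.append(f"user {m.group(1)}: 'password'{same} instead of 'secret'")
        if re.match(r"crypto ipsec transform-set \S+ .*\besp-3?des\b", l):
            findings.append("transform-set: DES/3DES encryption")
    return findings
```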

[Cisco] Requiring LAN users to authenticate before using the internet

conf t

aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization auth-proxy default local

ip auth-proxy auth-proxy-banner http ^C
Please authentication first before access internet !!!
^C
ip auth-proxy name PROXY_AUTH http inactivity-time 10
!
int f0/0
des ## LAN ##
ip access-group FW in
ip auth-proxy PROXY_AUTH
no sh
!
ip http server
ip http access-class 55
access-list 55 deny any
!
ip access-list extended FW
deny ip any any

##
sh ip access-list FW <-- once authentication succeeds, the ACL entries are created automatically
sh ip auth-proxy cache
!
!
The user opens any web page and is then redirected to a page to authenticate; once the username and password are correct, the user can use the internet.

Monday, February 4, 2008

[Cisco] Seeing who is talking to whom with ip flow

conf t
ip flow-top-talkers
top 50
sort-by-bytes
int g0/1
des ## connect to internet ##
ip flow ingress
ip flow egress

#sh ip flow top-talker

[Cisco] Editing a numbered access-list

Previously, when editing a numbered access-list, we could not delete individual lines. In newer IOS releases this can be done, using the same commands as for a named access-list.
Example: we have this access-list
access-list 100 permit ip 1.1.1.1 0.0.0.0 any
access-list 100 permit ip 2.2.2.2 0.0.0.0 any
access-list 100 permit ip 3.3.3.3 0.0.0.0 any
To delete line 2 of the access-list:
ip access-list extended 100
no permit ip 2.2.2.2 0.0.0.0 any
To verify:
sh ip access-list 100
access-list 100 permit ip 1.1.1.1 0.0.0.0 any
access-list 100 permit ip 3.3.3.3 0.0.0.0 any