Biobug.org

Projects, notes, etc by Will O’Brien

10Gb ethernet cards

21 January, 2010 (10:18) | Uncategorized | No comments

That’s right, 10Gb – Ten Gigabit.
I need the ability to capture data from 10Gig links in my production network. Copper cards are actually pretty cheap, running a mere $600-800 USD.
My links are all fiber, and I like it that way. You’ll need a dual port card to use a fiber tap, but most of my hardware supports port mirroring – so I can get away with one.
For the money, Intel’s single port sfp+ card is a pretty good deal. It comes with an SR sfp+ module (sfp+ is the new high density 10Gb gbic-ish format). It’s hard to put 32 XFP modules in a single blade!

Anyhow, amazon has these for about $1260.
Next up on my list – what kind of server will it take to grab data from a heavily utilized 10Gb data link.

You might be a geek

11 January, 2010 (20:43) | Uncategorized | No comments

if you download and run xbench on your macbook so you can speed up thawing out the plastic wrapped steak sitting between your macbook pro and a concrete countertop.

xbench: http://xbench.com/

New RGB Keypad Arduino Shield – kit coming soon

12 December, 2009 (18:25) | Uncategorized | 14 comments

Remember my RGB keypad project that I originally posted in Hack-A-Day? (part 1 and part 2) I finally got around to cleaning it up a bit and designed an Arduino Shield for it. This is the first prototype, and it looks pretty good.

I did a quick build of the shield, and after a function test, I’ll finalize the design. I’m thinking about adding an optional switch input: Sometimes we just need to be left alone – this input could be used to put the keypad in lockdown: glow full red and keep everyone out!

At minimum, I will be offering a kit that includes the shield, all the parts needed, a CNC cut button bezel + spacer.

If there’s enough interest, I can make a full kit that includes everything but the Arduino. Interested? Comment here and let me know. I will take pre-orders as soon as I’m satisfied with the prototype and figure out the total parts cost.

If you comment, I will send you an email when I’m ready to take pre-orders. Cost should be between $25 and $50 depending on how complete I make the kit.

More home network fun

9 December, 2009 (00:43) | Uncategorized | No comments

A while back I wrote up my personal network build. Recently I swapped out the SSG5 that I had on loan for a cheaply available 5gt. The 5gt went EOL last year, but it’s a pretty reasonable box.
I had an interesting time figuring out the quirks of the 5gt, and I now have some respect for what Juniper did to the line after they bought up Netscreen.
Notable things about the 5gt: The interface names are lame. If you change the interface mode, the config will be defaulted.
Only the Trust/Untrust mode supports tagging, so that’s what I ended up with.
Netscreen thought it would be funny to make you use zone Trust on interface Trust. (same with Untrust) I ended up creating subinterfaces on interface trust and placing them into the custom zones that I wanted.
To use it, I put all the end point ports on my Cisco switch into vlan access and set the uplink port to 802.1q trunk mode.
I’ve done the same thing with my wireless controller, so now I can create unlimited wireless networks and up to 10 tagged subinterfaces on the 5gt.
In order to annoy my freeloading neighbors more, I re-created my guest network and rate limited it by policy to 256kbps. Guest users should be able to get basic internet, but now they can’t overrun my bandwidth. It should also discourage any behavior that could incur the wrath of a dmca notice.
Finally I took advantage of the SIP alg on the 5gt to allow my sip trunk to work.
At this point I’ve got one hella sweet network build for the house. I may shove a router inline so I can generate netflow statistics, but I’m not all that bored this week.

OS X tools for the network guru

23 November, 2009 (13:26) | Uncategorized | No comments

I wrote up an email for a new cohort, and thought that it would be helpful to toss up. So here we are, osx tools for the network guru with a mac. (guy/gal/whatever)

Go find the terminal.app, it’s hidden inside Applications/Utilities. Add it to your dock, it’s your new best friend.

Install Xcode: http://developer.apple.com/

Download and install fink from source (required for snow leopard)
http://www.finkproject.org/

Use fink to install handy software: minicom, nmap, tcpdump, etc.
>fink install minicom

Grab ssh tunnel manager, vpn clients like ipsecuritas, cisco, microsoft remote desktop client for mac, and wireshark.

tftp is nearly always supported as a file transfer method for network gear. Grab the tftp server app here:
http://ww2.unime.it/flr/tftpserver/

Download and install Fusion for your mac: http://www.vmware.com

Build an XP/7 whatever vm to run the various windows tools we need for access.

Get a usb to serial adapter for console access:

A USB network adapter can come in handy for firewall work – you can assign it to the vm for segmented network access.

Juniper SRX 100 cheap Junos box, will it be great?

21 November, 2009 (23:23) | Uncategorized | 2 comments

Juniper has produced an interesting niche product for a while now. The entry level firewall has been the Netscreen SSG5 for a while, but with their new line of boxes based on JunOS instead of ScreenOS, things are getting interesting again.

I just mentioned that I picked up an older 5gt for my home network, but I should have some SRX units in my lab soon. Previously, the way to run cheap junos was to use olive, but now you can buy a brand new JunOS firewall for about $500.

The really interesting bit is that the new SRX firewalls offer some serious throughput for the money. An SSG550 runs about 8k+ and offers gig speeds. An SRX240 offers gig at a fraction of the cost. (You can pick up 2+ units for the cost of a 550.)

Meanwhile, I see a drawback to the SRX100. There’s simply no reason to offer measly 100Mb-TX ports on this box. Sure the SSG5 had em, but you have eight ports on the new unit. For remote sites, maybe I need Gig on a small LAN. So, what will happen? End users will put in an SRX100 and put a cheap gig switch behind it. End the 100Mb tyranny!

Bluetooth Serial board

13 November, 2009 (19:36) | News, Projects | 1 comment

I’ve been meaning to get going on some electronics projects for a while, and I’m about to pull the trigger on this one. A while back I posted a note about this project, and now I’ve got a new PCB coming out soon. This was a wired prototype for my bluetooth serial board. It’s damn hard to solder this stuff! Those are single strands from some speaker wire I pulled apart – and they worked.

This is the new board for the Bluetooth serial interface. It should be a handy breakout for various projects. I decided against a shield, simply because it would be excessive for the few pins needed to make this work. I’ll probably be assembling these on demand, but I’ll be happy to sell bare boards to those that want to face surface mount.

More later once the new board is past pre-production testing.

Netscreen 5gt: best home firewall for the money?

9 November, 2009 (11:07) | Uncategorized | 1 comment

Netscreen 5gt

I have a habit of using better than average hardware for my home network. In truth, I prefer near enterprise class if possible.

The Netscreen 5gt is the precursor to the current Netscreen SSG5. The SSG5 is a great box, 120MB throughput, 6 interfaces, multiple virtual routers, etc. The 5gt went end of sale on December 31st, 2008. However, it’s still going to be software supported until December 31, 2013! There is a catch: Juniper.com won’t let you download new software unless you registered the device when it was new.

So, if you can work around the download issue (like buying a device from a vendor who includes the latest updates) you can have a stateful firewall that’ll do advanced networking. Compared to the SSG5, the 5gt is a little bit lame – somewhat annoying port names and limited port reconfiguration. Still, the device will do far more than the average cheap nat box.

If you have deeper pockets, go for either an ssg5 or… a new SRX 100 series. I’ve demo’d the SRX (and have a few on the way for production) and they’re very nice boxes. They run junos and the throughput is generally doubled for the money on a similar netscreen. However, an older 5gt will only run about $50 on ebay.

CNC back online… new bezels coming soon!

7 November, 2009 (00:12) | Projects, Toys | 1 comment

I’ve been too busy to sort out my workshop for a while, but thanks to the delivery of a small Dell machine (thanks to Eric’s basement!) I’ve got a dedicated box assigned to run XP and Mach3 on my mill.

test cut via hand jogging

I did a quick test cut and it looks like I’ll have no problem producing new bezels for the RGB keypad soon. I’ll have to check and see if SparkFun wants to carry them again, but if not they’ll be available directly from my store. Now I just have to rebuild my design/cad/cam machine and we’ll be golden.

If you’re desperate for a bezel, comment and I’ll see what I can do for ya.

Mediacom DNS appears to have gone lame(sigh)

24 October, 2009 (12:33) | networking | No comments

Since my home network is a bit more complex than most, I found some interesting issues with Mediacom’s DNS. Yesterday, our wireless network stopped working. (My wife reports that to me: the internet is down, did you pay the bill?) I could ssh in from work, so the connection was definitely working.

A bit of poking around and I find that the old primary DNS server isn’t even responding to queries. Luckily, I run my own dns server on my inner network and it works just fine. My fix for now is to allow a special NAT exception so that my internal dns server can supply dns for every network zone in my house.

I would hope that a full dhcp renewal would provide new, working DNS servers. But ultimately I don’t care since my fix was just a reversion to my old network config anyway.
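A liveness probe for the failure described in this post, where the link is up but a resolver has stopped answering queries. This is an added example, not the author's code; the function names are hypothetical and the server addresses are placeholders, not the resolvers from the post.

```python
import socket
import struct

def build_query(name, txid):
    """Build a minimal RFC 1035 A-record query with recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(data, txid):
    """Return a short verdict for a raw reply to the query with this txid."""
    if len(data) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID, or QR bit not set
        return "mismatch"
    rcode = flags & 0x000F
    if rcode == 2:
        return "servfail"
    if rcode == 5:
        return "refused"
    if rcode == 0 and ancount > 0:
        return "ok"
    return "no-answer"  # server is alive but gave no usable records

def probe(server, name="example.com", port=53, timeout=2.0, txid=0x1234):
    """Send one UDP query and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, txid), (server, port))
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "timeout"      # the "not even responding" case
        except OSError:
            return "unreachable"  # ICMP error or no route
    return classify_response(data, txid)

if __name__ == "__main__":
    # Placeholder addresses (RFC 5737 / RFC 1918), constructed for illustration.
    for label, addr in [("isp-primary", "192.0.2.53"), ("internal", "192.168.1.53")]:
        print(label, addr, probe(addr))
```

A "timeout" from the ISP resolver alongside "ok" from the internal one matches the symptom in the post: connectivity is fine and only name resolution is broken.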
