Friday, 30 March 2018

Tuesday, 27 March 2018

Policing / Shaping traffic in CentOS with tc

This can be achieved using the tc command - below is a simple example that polices all traffic on the interface. However you can also tag traffic with iptables and apply throttling based on these tags for more complicated scenarios.

Policing Example

tc qdisc add dev enp0s25 handle ffff: ingress
tc filter add dev enp0s25 parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate 256mbit burst 0k drop flowid :1
tc qdisc add dev enp0s25 root tbf rate 256mbit latency 25ms burst...

Friday, 23 March 2018

QoS Congestion Avoidance

An excellent article on QoS Congestion Avoidance from netcerts:

QoS Congestion Avoidance

Tail Drop

Tail Drop is when the packets are dropped when they arrive on a congested interface. Tail Drop is not just bad for voice packets but for data packets as well. It also impacts the efficiency of network bandwidth utilization. When the Output Queue is full and packets arrive in on the Input Queue, then the packets which are arriving on the interface...

Wednesday, 21 March 2018

Example: Applying QoS on a Cisco 3650 / 3850

Note: In older models / OS versions we needed to issue 'mls qos' in order to enable QoS on the switch - however with the 3650 QoS is enabled by default.

The aim is to tag voice traffic with DSCP that hits either gi0/1 or gi0/2 from VLAN 10 and to ensure data traffic is evenly spread between vlan20 and vlan30.

Note: In most cases AutoQoS is a much better solution and greatly simplifies the configuration - however I created this lab to demonstrate a simple example manually:

vlan 10
desc priority traffic
name VLAN10
vlan 20
desc non-priority data traffic...

Monday, 12 March 2018

Understanding VFS (Virtual File System), inodes and their role

VFS (Virtual File System)

The virtual file system manages all of the real filesystems mounted at a given time, for example xfs, ext4 etc. Each file system registers itself with the VFS during initialization. Each real file system requires support either built directly into the kernel or in the form of modules. Each filesystem mounted by the VFS has a corresponding superblock (that is, a VFS superblock - not an EXT3 superblock - they are similar in nature but distinct.) A VFS superblock contains the following information:

- Device (e.g. /dev/sda1)
-...

Friday, 9 March 2018

Manually adding a host SSH fingerprint into known_hosts

I noticed that when connecting to a non-standard port for SSH, e.g. host.com:2020, the SSH host fingerprint was not being added to the user's known_hosts file. So in order to perform this manually we should issue:

ssh-keyscan -p 2020 host.com
host.com ssh-rsa AAAABBBBBBCCCCCC.....

and then append it to our known_hosts:

echo AAAABBBBBBCCCCCC..... >> ~/.ssh/known_ho...