Super-Networking Blog

So I have been doing BGP on Cisco routers for about 6 years or so, it is a really good way of having a redundant ISP connection. Sure it can be a pain to get it setup as some ISPs take a while to get the settings right but once it is setup and tested normally it works like a charm. Typically I run the 2 ISP connections in an active/standby fashion instead of load sharing. This allows you to get a better rate on the backup connection as long as you don’t use them on a regular basis. Not using both connections is easier said then done though, when you setup BGP by default it will choose the best route for the connection so it will use both connections. In the past I have done my best to fix this problem by weighting the connections both in and out so I can choose the best path for outgoing connections and advertise the best path for incoming connections. Doing it in this manner works pretty well but their is always some traffic on the incoming side of the redudnant ISP for destinations that are directly connected to that ISP.

I have never had a problem with this lower amount of traffic before from that 2nd ISP but I was tasked recently with finding a way to bring that traffic down to almost zero. What I found was BGP Conditional Advertisement Feature that Cisco has. I had never heard of this before but sounds like the perfect solution to my problem. Basically what this feature does is allow you to setup a conditional BGP advertisement to the 2nd ISP connection. In this condition you put a route or some other dynamic information you recieve from ISP 1 and your normal advertisments for ISP 2. If this condition sees the information you specified from ISP 1 it will withhold the advertisements from ISP 2. If the information from ISP 1 goes away the condition will then advertise to ISP 2. I have not put this in place yet as I am still looking into aspects of putting it in place. This might cause a longer outage when ISP 1 fails but will solve the problem of incoming traffic on ISP 2 because if I am not advertising at all out ISP 2 I can’t get any traffic from them.

Here is a document on how to configure this feature on you Cisco Router.

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080094309.shtml

I really need to start blogging again. I have stopped tweeting because I couldn’t put enough content in a status update and have moved to facebook but still not the same thing. Stopped blogging when I made it all about optimizing my posts and visibility on the Net. This made it way to time consuming and didn’t see the point in continuing. Will try to start up again, I find that this blog is a nice archive of the projects I have done. When I come across something that I know I have done in the past I can simply search my own blog to find the answer instead of racking my brain for all the little details.

Here is to Happy Blogging in 2011

FBI agents have seized millions of dollars of equpiment from a hosting provider named Core  IP Networks.  This has left nearly 50 businesses without access to their email and data. Some of those clients provide internet services to car dealers and other companies.

Also some residents in the are have lost access to 911 is  because some of Core IPs primary customers include telephone companies.

Link to News Story

Sometimes you just need Secure ftp or sftp for some reason or another. Most ftp servers that are free do not include sftp, you need to pay for that functionality. There is a program that CoreFTP puts out called mini sftp server but you need to run this while logged in. If you log out of the server then sftp shuts down, does not run as a service.

Before you spend the $50-$200 to purchase a sftp application that runs as a service try this workaround. Download the mini sftp server, run the program setup the user and path. Then close it and open up scheduled tasks.

Add a new task:

-Browse for the mini sftp program

-Set you “Run as” user and password

-Go to Schedule Tab and change it to “At System Startup”

-Go to the Settings Tab and uncheck “Stop the task if it runs for” box

-Save the settings and run the task.

You should now have your sftp process going even when you aren’t logged in.

One of the big challenges of starting up a new UMTS network in the U.S. is that supported phones are not easy to find. UMTS or 3G GSM is quite new to the U.S. and most of the phones out there are exclusive or locked by the major carriers such as At&t.

So where is a good place to start looking? GSMArena

This site gives a great breakdown of all the latest handsets and up and coming handset by frequency and features. Keep a sharp eye because it doesn’t always tell you if the phone is locked.

Some phones I am looking at right now for our network:

Glofiish X800

HTC TyTN II

HTC s740

Motorola a3100

Nokia 5800 xPress

Nokia e66

Nokia e71

Nokia n85

Palm Treo 750

Sony/Ericsson k850i

I am testing a sweet little UMTS/HSDPA/HSUPA router this week called the Option Globalsurfer III. This is a wi-fi enabled router that will be available on the NCW networks. This is one of the best cellular routers I have ever seen.

Speeds (Maximums not offered everywhere) : Upload 5.76Mbps, Download 7.2Mbps

Features:

Wi-Fi - Supports WPA2

2 Ethernet Ports - 2 Port Ethernet Switch

USB for Storage Server or Printer Server - Can connect a USB hard drive and use as file server or a USB printer for printer sharing

SMS - Send and receive SMS messages from your desktop

Phone - Plug in any landline phone and you are ready to start sending and receiving phone calls

Firewall - Built in firewall

External Antenna Port - Can add external antenna in low signal areas

The best part is it works anywhere you have signal from a NCW network and soon nationwide

Well after 6 months without a blog at all and a year since I have posted a new blog entry I have brought back Super-Networking with the help of Steve. The main reason I got rid of Super-Networking to begin with, money, trying to save some extra money and I have now moved to a cheaper hosting provider.

The main reason I am bringing it back is need, I am working at a new company called Core Wireless/NewCore Wireless. I have been working my butt off and learning a ton of new things. I like to share my experiences with others to help them along and for myself to look back 6 months from now when I run across a problem I know I figured out before.

I have found that Twitter has taken up most of my day to day updates but will try to blog on a regular basis as well. If you want to follow me on twitter go here:

http://twitter.com/csuper163

More entries to come soon.

I found out an interesting quirk when backing up DFS (Distributed File System) files using Symantec Backup Exec 11D. I have a full backup setup, basically selected the entire drive to backup, finishes every night with no errors.

You go back into the job in Backup Exec and try to do a restore, what do you find? The folders that contain the DFS files are empty, 0 bytes. My first thought is what the hell is this all about. Was scared for a minute or two thinking I have no backups on tape of any of my DFS files.

I looked into it more and found that starting in Backup Exec 10d SP2 and continuing through 11d you cannot performance a backup of DFS files directly like you would normally do. You need to use the “DFSR Writer” which means using the Shadow Copy Components backup.

If you go into your server selection in Backup Exec, drill down into Shadow Copy Components -> User Data you will see the DFS info. Make sure to select these to backup your DFS files.

Things to keep in mind about backing up DFS in this manner:

-Backup Performance is greatly affected, could double the time needed for backing up those files.

-DFS Backups in this manner cannot be redirected to another location on restored like a lot of people including myself like to do when restoring files.

One workaround for the speed issue I have found but not tested is to run a Net Stop command for the DFS Replication service before the backup starts then a Net Start for that service when done.

What do you do if you want to look for combinations of word strings in Gigabytes of IIS log files but don’t want to spend any money?

You download a program called Strings.

This is a SysInternals program now owned by Microsoft that will search through text files for word strings and kick them out to you.

So I will go through an example of how you can use it and you can modify it from there.

So copy all of the IIS log files to a location, for example c:\logs

Then open up a command prompt, go to the directory where you have the strings program.

Type the command: strings.exe -s c:\logs | findstr “Your Search Text”

This will dump all the lines it finds with that search text to your command prompt window. Now take it further.

Type the command: strings.exe -s c:\logs | findstr “Your Search Text” > c:\output\log.txt

That will dump the found lines to a new text file. Either you can use that text file for whatever you want or parse it down further with the following.

Type the command: strings.exe -s c:\output | findstr “Your Search Text 2″

That will allow you to search through huge directories of IIS logs for combinations of things. If you do the same search often try dumping it into a batch file.

Thanks Goes to Steve For the Idea to Look Into Strings

Do you want your workstations to connect to PPTP VPNs through a Cisco Pix firewall without having to setup a static NAT for each one.

Are you getting the following error in your syslogs when you try:

“regular translation creation failed for protocol 47″

All you should have to do is add a new fixup protocol entry.

“fixup protocol pptp 1723″

Now assuming that you have a PAT for all traffic from inside to outside you PPTP connections should work.

There are other factors that could cause this to fail, make sure that you are on at least version 6.3 of the Pix software.

If you still have problems check your syslogs.