Installed a Twiki server to document the lab configuration and make it easier for people to understand how things are configured:
Click here for the Twiki

It's been a while since I've had MRTG working on my network. Can't even remember when it broke now that I think about it. Anyway things i are back up and working well. Check it out:

Click here to check it out

Although I've finished school and am taking a break from teaching for a while I've still got way less time on my hands then I thought I would for tinkering with the networking gear I've got set up here. At this point I think it would be a good idea to open up the lab for remote access, so peope who are studying for networking certifications can use the routers. Maybe it's not a good idea... but I am going to try it for a while and see how it goes. To that end, I'm looking for some person or people to volunteer some time to set up and populate a twiki page with information about the lab and how to use it, and maybe something like phpScheduleIt as well, so people can book time on the rack. If you like playing with routers and think you would be interested, drop me a note frank378@gmail.com

Sometimes I just get the bug to clean house... like take everything down to the bare metal and start over again. This was one of those times. I was able to finally get around to all those things I'd been putting off, like adding patch panels and such. At the top I added a new Cat5e patch panel, and in between the switches I added those panduit thingies for the cables to pass through, so they aren't all hanging out the sides. At the bottom you can see my Xyplex console server and OpenBSD firewall below that. Click the thumb to see the final result....

Got inspired today and snapped a few pictures of the fiberoptic cabling for my home networks. I've got the traffic separated into several distinct networks, based on type. So what you're seeing here is a very old IBM compatible PC, probably 10+ years old and loaded up with 1000base-SX network cards. The computer is running OpenBSD 4.6 and some software called "PF", which is short for Packet Filter. As the traffic passes into and out of the networks, it is filtered according to the custom ruleset enforced by PF. It works with IPv4 as well as IPv6. All these orange fibers feed into a Cisco 4912G where they are separated into different LANs. I chose OpenBSD because it is known for being very secure (http://www.openbsd.org/security.html). There is an Open Source project similar to this called "PF Sense" that does a lot of the heavy lifting for you, as far as crafting the rules in PF and such, but the last time I looked at it there were some things lacking (IPv6 support maybe? It's been a while) so that is why I stuck with my custom solution.

Whoo, yeah. Finished my Master of Scienc e in Network Engineering from DePaul University in Chicago. Have to say I really enjoyed it, but now that school is out I will have much more time to tinker in the lab!

I wrote this cool "how-to" thingy on a buddy's website. It was fun to do and it didn't take that long, but how would you know this kind of thing if you couldn't google for it? Makes me think I should write more things down ;)

IRC via IPv6 and SSL

Today I was able to get everything done for my remote power project. I love having lots of networking gear to tinker around with, but the power that this stuff uses adds up pretty quickly. I've added a APC AP7902, which is a 16 outlet PDU that can be controlled through a web interface. That way if you want to bring a device up or down you don't have to physically be in the room. You can control the device from anywhere.

Now that this is done I feel like I am a step closer to one of my goals, which is making the lab freely available on the web for anyone who wants to use it.

Moved my domain from Network Solutions over to Go Daddy starting today. I say starting because Network Solutions won't finalize the m ove until January 3rd, 2011. I guess I could call and complain but I'm not 100% sure there's actually any impact to the hostnames on my domain.

There is a free IPv6 Tunnel brokering service available through Hurricane Electric, an ISP that is headquartered in Florida I think. If you have a static IP you can use their web page to provision the tunnel and it even tells you the commands you can use to provision your end of the tunnel for various popular operating systems. The real complexity came in when I had to update my pf.conf that contains all my firewall rules. It's already fairly complicated because of the way I have my networks broken up. Now it's even more complex. It was a fun way to spend a weekend.... now considering looking into setting it up over BGP. Oh yeah... one bad thing happened. I had to take my fancy new Squid proxy down becuase it was interfering. Back to square one on that.

This quarter at DePaul I took a network security class that I had to do a final project for. I chose to implement a Squid proxy with all the trimmings... sort of security related I suppose? It took a while to get everything to work. Many days in fact. What I wound up with was a very nice transparent proxy server that required no configuration on the end hosts, some blacklisting capability thanks to the squid-guard add on, and statistics pages with the lightSquid package. I would say it turned out to be an intermediate level project to get it all working. There is a way you can add virus scanning as well, but unfortunately I ran into issues (re-re-re-)compiling c-icap package that it required so I am not doing that for now.

I've had a 1u server running for about 10 weeks now, waiting for me to find the time to configure it as my new mail server. After a few false starts I finally sat down a few days ago, determined to stay in my chair until I had it all up and running. Well it wound up taking much longer than I anticipated. Four days in fact! (No, I did not sit there the whole time.) Anyway it's finally finished, with courier IMAP, clamAV, Spam Assassin, Amavisd, and even squirrel mail.

This 10/100 switch I was running is older than Jesus. Ok, not quite that old, but it was starting to feel that way. I wound up getting a used Dell 5324 from Ebay to replace it with. just for fun, I tried making a video of the swap process. You can see the results by clicking here.

Google's march towards global network domination continues. Now they are offering free DNS service as described in this brief document. I've decided to give it a go to see if it lives up the to the claims of being "faster" and "more secure".

I'm working on rebuilding my network with an OpenBSD PF firewall in the middle. I found this really great OpenBSD DNS reference written by Daniele Mazzocchio that lends itself well to the sort of structure I want to do. The primary goal is to segregate the lab networks from our personal computers so that I can be more permissive about letting people log in to the UNIX shells, cluster, and router lab.

I'm working on rebuilding my Cisco lab and working on renewing my CCNA and CCNP certifications. I've been meeting on Saturdays with a new study group and we're making some good progress. I'm working on a web page here to keep track of some of my efforts and lab information. While you wait for tha t to be done, take a look at Scott Morris's lab...pretty amazing!

We had a fantastic Halloween this year and got a lot of candy. Check out this cool pumpkin that Laura carved!