PPP Featured Image

Telekom Dual-Stack Verbindungsaufbau

Bis neulich hatte ich einen normalen DSL-Anschluss von 1&1: Per PPPoE eingewählt und eine IPv4-Adresse bekommen – fertig. Das kann neben der FRITZ!Box natürlich auch jeder vernünftige Router oder Firewall.

Jetzt habe ich endlich einen richtigen Dual-Stack (IPv4 und IPv6) Anschluss der Telekom (Glasfaser “MagentaZuhause M” ohne Fernsehen, siehe hier). Juchu! 😉 Bevor ich jedoch den mitgelieferten Speedport durch diverse andere Testgeräte ersetze, wollte ich mal vernünftig mitschneiden, welche Protokolle denn bei einem Verbindungsaufbau genau eingesetzt werden. Vor allem die Prefix Delegation über DHCPv6 interessierte mich…

Continue reading Telekom Dual-Stack Verbindungsaufbau

jw-nb10.cfg-192.168.120.10-cpu-ys-l2

BOINC Load depends on Processor Type

I am running two old notebooks in my laboratory for several server purposes. Last year, I started to support the World Community Grid project with the idle times on these laptops. Nothing interesting so far. However, it is interesting to track the load of the CPUs since they vary on both laptops due to the projects that require different CPU types.

Continue reading BOINC Load depends on Processor Type

Basic IPv6 Messages - Featured Image

Basic IPv6 Messages: Wireshark Capture

When explaining IPv6 I am always showing a few Wireshark screenshots to give a feeling on how IPv6 looks like. Basically the stateless autoconfiguration feature (SLAAC), DHCPv6, Neighbor Discovery, and a simple ping should be seen/understood by any network administrator before using the new protocol.

Therefore I captured the basic IPv6 autoconfiguration with a Knoppix Linux behind a Telekom Speedport router (German ISP, dual-stack) and publish this capture file here. I am using this capture to explain the basic IPv6 features.

Continue reading Basic IPv6 Messages: Wireshark Capture

Ping DSL vs. Glasfaser featured image

Ping Times/Latency: DSL vs. Glasfaser, IPv4 vs. IPv6

Seit wenigen Tagen bin ich glücklicher Kunde eines Telekom Glasfaseranschlusses. Mit satten 50/10 MBit/s rasen die Daten bei mir ein und aus. Neben der deutlich höheren Geschwindigkeit war ich aber auch an den Latenzen der beiden Anschlüsse interessiert und habe entsprechende Tests gemacht. Hier kommen die Ergebnisse.

Continue reading Ping Times/Latency: DSL vs. Glasfaser, IPv4 vs. IPv6

IPv6 through IPv4 VPN Tunnel

IPv6 through IPv4 VPN Tunnel with Juniper SSGs

The most common transition method for IPv6 (that is: how to enable IPv6 on a network that does not have a native IPv6 connection to the Internet) is a “6in4″ tunnel. Even other tunneling methods such as Teredo or SixXS are found on different literatures. However, another method that is not often explained is to tunnel the IPv6 packets through a VPN connection. For example, if the main office has a native IPv6 connection to the Internet, as well as VPN connections to its remote offices, it is easy to bring IPv6 subnets to these stations.

Here is how I did it with some Juniper SSG firewalls:

Continue reading IPv6 through IPv4 VPN Tunnel with Juniper SSGs

Firewall IPv6 Capabilities

Firewall IPv6 Capabilities: Cisco, Forti, Juniper, Palo

Since IPv6 gets more and more important, I am using it by default on all my test firewalls, which of course support IPv6. However, when comparing the different functions and administration capabilities, they vary significantly.

Here comes my short evaluation of the IPv6 functions on the following four firewalls: Cisco ASA, Fortinet FortiGate, Juniper SSG, and Palo Alto.

Continue reading Firewall IPv6 Capabilities: Cisco, Forti, Juniper, Palo

DNS Proxy Featured Image

Palo Alto: DNS Proxy for Management Services

The Palo Alto firewall has a feature called DNS Proxy. Normally it is used for data plane interfaces so that clients can use the interfaces of the Palo for its recursive DNS server. Furthermore, this DNS Proxy Object can be used for the DNS services of the management plane, specified under Device -> Setup -> Services. However, there was a bug in PAN-OS that did not process the proxy rules and static entries when a DNS proxy object was used in the management plane. This bug was fixed in PAN-OS 6.0.0. I tested it in my lab with PAN-OS 6.1.0 running. Here are the successful results.

Continue reading Palo Alto: DNS Proxy for Management Services

Zeitraffer Panorama 604

Low-Budget Zeitraffer in Full HD erstellen

Neben dem normalen Fotografieren und Filmen finde ich zwei Arten von Videos sehr interessant, nämlich Slow Motion Filme, bei denen eine schnelle Aktion sehr langsam dargestellt wird, sowie Zeitraffer, bei denen eine langsame Aktion sehr schnell dargestellt wird. Während man für Slow Motion Sequenzen leider teure Hardware braucht, die eine vielfache Frames per Second (fps) Rate als normale Kameras liefern können, kann man Zeitraffer relativ simpel selbst erstellen, in dem man eine Szene lang genug fotografiert und diese Fotos dann zu einem Video zusammenfügt.

Genau das mache ich seit einigen Jahren mit einer alten Canon Digitalkamera und einigen kostenlosen Softwares. Wie genau ich solche Low-Budget Zeitraffer in Full HD erstelle und was dabei zu beachten ist, erkläre ich in diesem Post sehr detailliert. Viel Spaß dabei. :)

Continue reading Low-Budget Zeitraffer in Full HD erstellen

FRITZ!OS 06.23 IPsec Proposals

FRITZ!OS ab 06.23: IPsec P2 Proposals erweitert

Es geht in eine weitere Runde bei den VPNs von und zur FRITZ!Box. Nach den unglücklichen Änderungen in Version 06.20 hat AVM wieder ein paar Phase 2 Proposals hinzugenommen, die komplett ohne Kompression laufen. Somit ist es wieder möglich, die FRITZ!Box im Aggressive Mode VPN-Verbindungen zu diversen Firewalls aufbauen zu lassen. Komisch nur, dass noch nicht alles ganz wie erwartet funktioniert. Hier kommen meine Testergebnisse.

Continue reading FRITZ!OS ab 06.23: IPsec P2 Proposals erweitert

IPv6 Dynamic Prefix - Featured Image

Idea: IPv6 Dynamic Prefix

For dynamic IPv4 addresses, dynamic DNS services such as Dyn or No-IP are well-known. If an ISP issues a single dynamic IPv4 address every 24 hours (or the like), the router or any other device registers the IPv4 address for a DNS record. With port-forwardings on the router, several services on different clients can be accessed.

Since there are some ISPs that offer dynamic IPv6 prefixes as well, I have a suggestion on how to optimize the “dynamic DNS” service for several IPv6 addresses and names. The main idea is to update only the IPv6 prefix, while the host IDs are static configured on the DNS server. This limits the DNS updates and expands the usage of DNS names even for devices that have no “DynDNS update client” built-in.

Continue reading Idea: IPv6 Dynamic Prefix