Blog

I’m leaving my getting hit in the head lesson when the boss calls.  Some unmentionable orifice is firing DOS attacks at a couple of our SIP servers.  My mission, should I choose to accept it, is to find and block the attackers.  (Should I choose to not accept it, then my mission will be to listen to Fearless Leader whine about it.  I can’t stand whining.)  Fortunately, I have flow data for one of the servers under attack. Continue reading “Finding a SIP DoS attack via flow analysis”

Earlier I discussed using HAST to mirror a ZFS across two machines.  I also discussed using devd with CARP interfaces, to run a script when a machine changes between master and backup.  Now let’s glue these together to synchronize a ZFS switch with CARP state, and to run scripts when the system becomes the master or the backup. Continue reading “Automated CARP/HAST Failover”

In my last post I discussed using HAST with ZFS.  That tells you how to replicate a filesystem back and forth between two machines.  That’s nice, as far as it goes, but I want automatic failover.  Clustering.  I want to wake up in the morning to a message that says “machine 1 failed, machine 2 took over, and nobody noticed” instead of a lot of messages from angry customers.  The standard FreeBSD failover mechanism is CARP, the Common Access Redundancy Protocol.  Here’s the basics of CARP. Continue reading “CARP and devd on FreeBSD”

There’s a nice tutorial on using HAST (Highly Available STorage) with UFS and ucarp.  That’s very nice, but in my failover scenario I can’t use UFS; a fsck would take too long, and a background fsck would be most likely to lose the data I’m most likely to need.  And FreeBSD comes with a kernel-side CARP implementation; why would I use the userland implementation instead?  So: the tutorial is great, except it doesn’t do what I want.  I’ll attack this problem in two phases:  one, get HAST with ZFS running, and experiment with it.  Two, get CARP failover to trigger HAST failover automatically.  (I believe I can use devd for CARP-initiated failover, but I’ll need to do further research on that.  That’ll be another posting.)  Today I’m experimenting with HAST and ZFS.  Continue reading “HAST and ZFS”

Daisuke Aoyama (Google translation) has created a kernel module to glue an iSCSI disk to a boot drive. While the driver was intended for use with iBFT, you can also use it with gpxeboot.  He has even made FreeBSD install ISOs with iSCSI support available.  The server has limited bandwidth, so start the download well before you want to use it.  (I have previously looked at using iSCSI disks on FreeBSD.)

Thank you, Aoyama-san!

I’m making an effort to work in the same way as my co-workers.  This means using a Windows laptop, after fifteen years of Unixish desktops.  I like to change desktop operating systems every couple of years anyway, so this isn’t a huge deal.  The new work laptop came with Windows Vista, HP Bastardized Overloaded Nagware Edition, so the company Supreme Leader got me a Windows 7 DVD and license.  I threw the disk into the laptop, kept hitting ENTER until the OS was installed, fed it my license key, and was up and running.  That almost destroyed my productivity forever.

Continue reading “Uninstalling Windows 7 Games, with Prejudice”