Why and how I migrated my blog from WordPress to Hugo.
GitLab CI Runner on Rootless Podman
GitLab CI runner can be contained in a completely rootless environment. It can start as a non-root user, and work with a rootless Podman instance as a Docker runner. And here is how I achieved it. My CI host configuration: Ubuntu 20.04 Podman 3.4.2 GitLab Runner 14.5.0 A similar procedure can be applied to other distros as well. Install Podman Use the following script for installing the latest version of Podman onto a Ubuntu.
The Networking Hardware Vendors Assessment 2021: MikroTik
This is the first article of The Networking Hardware Vendors Assessment 2021 series. In this series, I’m going to talk about some major networking hardware vendors, their hardware and software, their achievements and what to expect if you buy their hardware in 2022. MikroTik has always been the definitive choice if my purchase target is the cost effectiveness. This is not to say their product is good (the “good” good), but:
Mellanox ConnectX-3 Firmware Flashing and Configuration for Both Ethernet and InfiniBand in 2021
Introduction Although old, Mellanox ConnectX-3 has been a good card with decent performance and a good price on second-hand markets. This makes it the straightforward choice for a high-performance home or lab network. (If you intend to run InfiniBand on ESXi 7.0 or higher, go for CX4 or higher.) Sometimes you would find a card with a strange firmware or one not compatible with your existent gear. Luckily you can change the port configuration on all CX3 cards with a simple firmware flash.
Juniper SRX as a DHCPv6 PD Client on a PPPoE Interface
Recently my ISP fixed the compatibility issues between their Huawei BRAS and my Junos router. After some digging, I managed to get some IPv6 address allocation for all my client devices. Here’s how I achieved it.
DHCP Server on Juniper SRX
This article provides everything you need to setup a local DHCP server on a SRX security device. JDHCPD vs DHCPD JDHCPD provides more functionalities than DHCPD, so it is recommended to use JDHCPD on new setups. (Feature comparison) DHCP and uRPF If you have uRPF and DHCP setup on the same interface, by default all DHCP traffic will be dropped. To make DHCP work, you need to set up an exemption:
Flux Language Tutorial with Grafana
Flux Language is the shiny new query language that comes with InfluxDB 2.0. Since it is “the future”, and the OSS (free) version of InfluxDB 2.0 is not getting the old query language support in (at least) the first few versions, I’ve been using Flux Language for some new projects. Meanwhile, the (functional) documentation for both the Flux Language and its support in Grafana does not exist yet. In this post, I’d like to give some examples to quickly address common data processing needs, for both server monitoring and simple BI usages.
Interoperating Cisco DMVPN, Huawei DSVPN and OpenNHRP
Traditional point-to-point site-to-site VPN protocols require extensive setup in certain use cases. For example, if you want shortcuts between branch offices rather than let every packet go through the HQ, then you need to set up a cartesian product of tunnels by hand, which is time-consuming and error prone. So, people want something better, something easy to set up and maintain, and dynamic enough. While there are already a lot dynamic point-to-multipoint or full-mesh site-to-site VPN implementations (e.
Access Services on the Router from VRF on RouterOS 6
It is always a misconception that you can’t access services (management services like HTTP, WinBox or SNMP, and end-user services like SMB or DNS) from a VRF on RouterOS 6.x. In fact, you can, and here’s how you can achieve it. The Theory No service (except ICMP echo, if you count it as a service) on RouterOS 6.x is VRF aware. That means, the service daemons do listen on all the IPs on all the VRFs, but when they send a reply packet, the packet is only routed using the main (global) routing table.
Access Services on the Router from VRF on RouterOS 6
It is always a misconception that you can’t access services (management services like HTTP, WinBox or SNMP, and end-user services like SMB or DNS) from a VRF on RouterOS 6.x. In fact, you can, and here’s how you can achieve it. The Theory No service (except ICMP echo, if you count it as a service) on RouterOS 6.x is VRF aware. That means, the service daemons do listen on all the IPs on all the VRFs, but when they send a reply packet, the packet is only routed using the main (global) routing table.