The Techie Stuff

Reverse Path Filtering In RHEL 6

Just like to share something that I discovered during the process of upgrading my machines to RHEL6. One of my machines had problems connecting to a multi-homed machine.

These are the IP configurations of the interfaces on the servers.

Server A

eth0 (192.168.1.100, running Bind9 and listening on this IP)

eth1 (192.168.2.100)

Server B

eth0 (192.168.2.101)

Problem:

Server B issues a DNS lookup to Server A and gets a timeout.  I didn’t have this problem with another multi-homed machine running RHEL5.

I did a tcpdump -i any host 192.168.2.101 and port 53 on Server A and saw that packets are indeed coming from Server B, but there are no return packets. Bind is definitely running fine. The problem definitely has to be due to RHEL 6 and caused by asymmetric routing.

A Google search for asymmetric routing issues on RHEL6 gave me the answer immediately.

In RHEL5, rp_filter is disabled. So packets can be routed via another interface in another Layer 3 domain, i.e. the eth0 source IP on Server A can answer Server B via routing rather than going through eth1 in the same broadcast domain.

In RHEL6, rp_filter is enabled (value 1, strict mode), so Server A checks the routing table for the packet's source address and finds that eth1 is the optimal route back to Server B. The trouble is that the request from Server B arrived on eth0, so rp_filter kicks in and drops the packet silently!

The immediate solution is to set the rp_filter to 2 on Server A, which is Loose Checking mode. I edited /etc/sysctl.conf and changed net.ipv4.conf.default.rp_filter = 1 to net.ipv4.conf.default.rp_filter = 2

I like to be very explicit when defining configurations, so I added the following too.

net.ipv4.conf.eth0.rp_filter = 2

net.ipv4.conf.eth1.rp_filter = 2

The configuration in /etc/sysctl.conf makes the setting persist across reboots. To apply the change immediately, run:

echo 2 > /proc/sys/net/ipv4/conf/eth0/rp_filter

echo 2 > /proc/sys/net/ipv4/conf/eth1/rp_filter
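
A quick way to confirm what the kernel is actually enforcing after the change (an added example, not part of the original post): for source validation on an interface the kernel uses the higher of conf/all/rp_filter and conf/<iface>/rp_filter, so the script below reports that effective value per interface. CONF_ROOT is a hypothetical override so the logic can be tried on a constructed directory tree.

```shell
#!/bin/sh
# Added example: report the rp_filter mode the kernel applies per interface.
# Effective value on an interface = max(conf/all/rp_filter, conf/<iface>/rp_filter).
# CONF_ROOT is a hypothetical override; by default the live /proc tree is read.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print the content of a sysctl file, or 0 if it cannot be read.
read_val() { cat "$1" 2>/dev/null || echo 0; }

# $1 = interface name; prints the effective value 0, 1 or 2.
effective_rp_filter() {
    iface_val=$(read_val "$CONF_ROOT/$1/rp_filter")
    all_val=$(read_val "$CONF_ROOT/all/rp_filter")
    if [ "$all_val" -gt "$iface_val" ]; then
        echo "$all_val"
    else
        echo "$iface_val"
    fi
}

# Map the numeric value to the mode names used in the kernel documentation.
mode_name() {
    case "$1" in
        0) echo "off" ;;
        1) echo "strict" ;;
        2) echo "loose" ;;
        *) echo "unknown" ;;
    esac
}

# One line per real interface: "<iface> <effective value> <mode>".
report_rp_filter() {
    for dir in "$CONF_ROOT"/*/; do
        iface=$(basename "$dir")
        case "$iface" in all|default) continue ;; esac
        [ -r "$dir/rp_filter" ] || continue
        eff=$(effective_rp_filter "$iface")
        echo "$iface $eff $(mode_name "$eff")"
    done
}

report_rp_filter
```

Any interface still reported as strict will keep dropping asymmetrically routed requests; loose mode only requires that the source address be reachable through some interface.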

More information on rp_filter or Reverse Path Filter:

http://www.wlug.org.nz/ReversePathFiltering

https://www.redhat.com/archives/rhelv6-list/2011-January/msg00080.html (Google: “rhel 6 asymmetric routing”)


FileSonic + Fibre Broadband @ 9.4Mbyte/s

A picture tells a thousand words. This is my download with a Premium FileSonic Account. I haven’t looked back since I started the fibre broadband service.


I have been getting consistent performance on FileSonic, so it’s worth the money that I’m paying, both for the account and the fibre broadband.

 

 


New TweetDeck, New Gmail

I woke up this morning to discover that TweetDeck has changed. Slightly different interface, and now we need a TweetDeck account. Not something that I like very much. Why not allow us to sign in with our Twitter account? It’s one less account littered on the Internet. But nonetheless, I created an account. TweetDeck has integration with Facebook and Twitter on one screen and it’s very convenient. I *HOPE* they will consider Google+ integration as well. Then they will be the ultimate killer, in my humble opinion.

Login Screen For TweetDeck

Fired up TweetDeck in my Chrome, and saw a Tweet from @davegirouard talking about new features in Gmail. There’s now better integration with Google+ which allows filtering based on Circles.

Gmail, filtering by Circles

We can now add people to our circles from Gmail. I think this will tremendously help to boost the sign up for Google+ now with everything on one screen.

Adding contacts to Google+

On a side note, the Google+ interface is still a bit unnatural somehow. It’s not as fluid as Facebook, I feel personally. Hopefully Google+ can take off on a much bigger scale. I like the circle concept much more than the Facebook lists.

Oh, 1 more upcoming. Facebook Timeline. Watch out for this. Very interesting.

 

 


Foscam Bandwidth Guzzler

As I have posted previously, I have a DIY home surveillance setup using ZoneMinder and my Foscam fi8904w. The images are pulled over the internet by my ZoneMinder server.

Initially, I thought I could do 15 frames per second with my new M1 Fibre Broadband connection, but because of some issues with routing, I need to settle for about 5 frames per second. That takes up about 2Mbps of my upstream bandwidth.

Recently, there’s some improvement to the routing. The latency improved from close to 300ms to about 40ms, so I can now do 15 frames per second. The image is now less laggy, but upstream bandwidth is 5Mbps! My upstream is 25Mbps, so I’m still coping well. In the long run however, I need to find another camera that does H.264. That should cut the upstream bandwidth by 50% at least. :)


Raspberry Pi – My ToDo List


I came across the Raspberry Pi by chance some time last week and it has already gotten me immensely interested. Here are some things that I think I would want to build:

Megapixel IP Camera

The megapixel cameras out there are tooooooooo expensive for home use. I’m going to try to get a minimum 1 megapixel camera module and DIY an IP camera for home surveillance. Going to experiment with OpenCV for object tracking and stuff, e.g. where my daughter hides my iPhone.

Home Automation

Raspberry Pi is going to be a very low powered but nimble platform for an X10 controller. The lowest powered PC I could find is still too expensive to keep powered on all the time.

Weather Monitoring

Have been wondering if I could build something with a humidity sensor and photosensors. Then I can write some scripts and build some simple mechanisms to open and close the house windows. Could cool the house considerably by the time I get home. I was contemplating doing this with Arduino, but it’s another learning curve.

These are the ones that I can think of currently and I think I could do this with maybe just 1 Raspberry Pi? :)



When Is iMessage Coming To OS X?

iMessage has been out for a couple of weeks. It’s transparent, so I don’t really see any real impact yet. Don’t get me wrong. I know my SMS quota will be intact by the end of the month.

Now, the next thing that I’m anticipating is iMessage coming to OS X. iMessage is instant messaging. It should and has to be on the desktop.


Aptitude Easter Egg

This Easter Egg has been around for a while, but I just discovered it from Wikipedia. Really geeky. :)

Debian Aptitude Easter Egg


The Implications Of Siri

I was reading an article in the papers today about Google saying Siri is competition to their search business. This is something that many people have been talking about, i.e. Siri changing the paradigm for internet search etc.

In my opinion however, what Siri really threatens is Google’s advertising business.

For those unfamiliar with Google’s advertising business, Google basically has 2 products, namely Adsense and Adwords. In Adwords, advertisers bid for keywords and air their advertisements on websites that display Google Adsense. Google decides what advertisement to display based on the user’s history, keywords in that user’s search etc. One problem with this model is that users are searching for content and information, not the advertisements.

In Siri however, the search is very specific. If I tell Siri I want to get a pair of shoes, Apple can throw very specific advertisements to me. The conversion rate and effectiveness of the advertisement is significantly higher because Google Adsense is very passive compared to Siri. The advertising experience becomes personal rather than guesswork as in Google’s case.

Apple has not done targeted advertisements yet in Siri’s search results, but I think they would do so soon as Siri matures more over the next few months. When this comes, Google’s going to be in an awkward position since their main revenue source is from advertisement. Bear in mind that Facebook has already split off a portion of the pie, so Google is going to lose more should Apple grow the advertising business.


Why iOS And Not Android?

Android Orphans

A friend posted this article on my Facebook wall.

http://theunderstatement.com/post/11982112928/android-orphans-visualizing-a-sad-history-of-support

This article talks about how the various generations of Android phones are left behind while newer phones get the latest Android.

I don’t want to leave this open-ended and have people think that I’m an Apple fanboy. I’m a Linux admin and I have been using Linux on my office laptop for a very long time. So why iPhone and not Android phones?

Upgrade Woes

I have never owned an Android phone. The number 1 reason is that I dislike the customizations that the individual phone makers do to the OS. The implication is that certain models will be left behind in the upgrade process. We have seen this in the Windows PDA phones in the past. Because of the difference in hardware, there’s tremendous effort for the phone makers to ensure that every single model runs the most current OS. So the easy way out is to leave them behind. I forecasted this since the very first version of Android and I have been proven right all this while.

Android vs iOS

So came the Nexus One. Google supported, plain vanilla Android. I was actually contemplating getting that but I chose the iPhone 3GS. Why? My choice was very much affected by my experience on the Mac.

While I still use Linux on my office laptop, I find myself doing most of my work on my Mac. I bought my first Macbook in 2007 and after using OS X, the impression was: It just works! No tinkering. No fiddling. I don’t get into the situation where I need to solve the machine problem even before I get down to doing work. It’s a lot of time wasted.

Similarly on the iOS, a lot of things just work out of the box. One example was configuring of L2TP over IPSEC VPN on the iPhone. It takes less than 2 mins to get the iPhone setup and connected. 3 steps to get to the configuration screen, enter configuration details and we are done. My colleague tried it on their Android phone. The first phone took us close to 10 mins to figure out how to configure the connection. He later gave up his Samsung Galaxy for a new iPhone 4.

Now Google has announced that the Nexus One is not getting the latest OS. To be fair, I haven’t read the details and I’m not sure what’s the rationale. But if you look at the chart, even the iPhone 3GS gets iOS 5. While some features are not available, the major key enhancements are made available to the 3GS users. They are not left behind.

I was thinking of getting the Nexus Galaxy actually after looking at the features of Android 4, but it looks like my next phone will still be an Apple phone after all.


Internet Recovery For Lion On 2007 Macbook

My Old Macbook

My 2007 Macbook has been sitting idle since I got my new Macbook Pro in September. The old Macbook has a 500GB hard disk and tons of junk inside, so I have been waiting to reinstall OS X from scratch.

Apple has this Internet Recovery feature now with Lion, where we can install Lion from scratch without the use of a DVD like the older OS X versions. Since the intention is to clean up the hard disk in my Macbook, I decided to have a go at Internet Recovery.

The Recovery

To start the recovery, press Command+R and boot up the system. The system will come to a screen with a few options to choose from.

Recovery Options

My hard disk contains an existing OS, so I have to go to “Disk Utility” to erase the target partition. If it’s a new disk, just go direct to “Reinstall OS X Lion”.

The recovery procedure will connect to Apple and verify the validity of the machine. Apple ID is required, so I think the procedure validates if a purchase has been made from the App Store. So, for those who did not get a copy of Lion from the App Store, I suspect the recovery will fail or you might be prompted to purchase Lion on the spot from the App Store. By the way, the recovery can be done over WiFi.

The recovery downloads the packages from the internet, so the internet connectivity is important. I’m subscribed to the M1 Fibre Broadband at home, so I’m downloading at about 35Mbit/s. The package is 3.79Gb, so the download takes about 30mins.

Reinstalling Lion

Installer Log

Once the download is complete, my Macbook reboots and starts installing the OS. This takes another 20mins or so.

The Result

After 1 hour, I have a spanking clean OS X Lion on my 2007 Macbook. Thumbs up for Apple!


  • Copyright © 1996-2010 YiBi's Life|Live Log. All rights reserved.